Help!Virus!
tazen
Messages postés
7
Statut
Membre
-
anthony5151 Messages postés 10927 Statut Contributeur sécurité -
anthony5151 Messages postés 10927 Statut Contributeur sécurité -
Bonjour,
gros virus! pop-ups, blockage d'acces au menu, au task manager, bref la cata
rapport Hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47: VIRUS ALERT!, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
D:\program files\SiSWLSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Tablet.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\mqsvc.exe
E:\WINDOWS\system32\mqtgsvc.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\system32\sistray.EXE
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\AVG\AVG8\avgui.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Keyboard Driver\OEMDriver.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\WINDOWS\system32\rundll32.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
D:\program files\Microsoft Office\Office12\ONENOTEM.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Logitech\Video\FxSvr2.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\program files\firefox.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\Documents and Settings\fiz\Desktop\HiJackThis.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - E:\WINDOWS\system32\pctspk.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - D:\program files\SiSWLSvc.exe
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - E:\WINDOWS\system32\ZONELABS\vsmon.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///E:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 2: (no name) - https://www.lemonde.fr/
--
End of file - 3633 bytes
merci de votre aide
(ps.je suis en train de faire un malwarebytes et avg8.
et rapport malwarebytes
Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 5.1.2600 Service Pack 2
15:49:14 30/07/2008
mbam-log-7-30-2008 (15-49-14).txt
Scan type: Quick Scan
Objects scanned: 12176
Time elapsed: 13 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
E:\WINDOWS\system32\ppjmkdrj.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\ljJaAsqo.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\cjckth.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e5d53b0-0a25-4298-82d7-5afac533705f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e5d53b0-0a25-4298-82d7-5afac533705f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b2ce6cb-bb06-42c5-aa5d-1d121f90b853} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8b2ce6cb-bb06-42c5-aa5d-1d121f90b853} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\40070004 (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: e:\windows\system32\ljjaasqo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: e:\windows\system32\ljjaasqo -> Delete on reboot.
Folders Infected:
(No malicious items detected)
Files Infected:
E:\WINDOWS\system32\cjckth.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\ljJaAsqo.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\oqsAaJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\oqsAaJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ppjmkdrj.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\jrdkmjpp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yayywusR.dll (Trojan.BHO) -> Delete on reboot.
gros virus! pop-ups, blockage d'acces au menu, au task manager, bref la cata
rapport Hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47: VIRUS ALERT!, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
D:\program files\SiSWLSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Tablet.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\mqsvc.exe
E:\WINDOWS\system32\mqtgsvc.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\system32\sistray.EXE
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\AVG\AVG8\avgui.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Keyboard Driver\OEMDriver.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\WINDOWS\system32\rundll32.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
D:\program files\Microsoft Office\Office12\ONENOTEM.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Logitech\Video\FxSvr2.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\program files\firefox.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\Documents and Settings\fiz\Desktop\HiJackThis.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - E:\WINDOWS\system32\pctspk.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - D:\program files\SiSWLSvc.exe
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - E:\WINDOWS\system32\ZONELABS\vsmon.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///E:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 2: (no name) - https://www.lemonde.fr/
--
End of file - 3633 bytes
merci de votre aide
(ps.je suis en train de faire un malwarebytes et avg8.
Configuration: Windows XP Firefox 3.0.1
et rapport malwarebytes
Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 5.1.2600 Service Pack 2
15:49:14 30/07/2008
mbam-log-7-30-2008 (15-49-14).txt
Scan type: Quick Scan
Objects scanned: 12176
Time elapsed: 13 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
E:\WINDOWS\system32\ppjmkdrj.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\ljJaAsqo.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\cjckth.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e5d53b0-0a25-4298-82d7-5afac533705f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e5d53b0-0a25-4298-82d7-5afac533705f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b2ce6cb-bb06-42c5-aa5d-1d121f90b853} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8b2ce6cb-bb06-42c5-aa5d-1d121f90b853} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{28030fa8-2428-4de6-b0f3-ce9494e1a412} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\40070004 (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: e:\windows\system32\ljjaasqo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: e:\windows\system32\ljjaasqo -> Delete on reboot.
Folders Infected:
(No malicious items detected)
Files Infected:
E:\WINDOWS\system32\cjckth.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\ljJaAsqo.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\oqsAaJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\oqsAaJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ppjmkdrj.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\jrdkmjpp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yayywusR.dll (Trojan.BHO) -> Delete on reboot.
10 réponses
-
Il doit je pense te manquer une partie du rapport, si c'est pas le cas, c'est vraiment un gros virus !
-
- voici:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10: VIRUS ALERT!, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
D:\program files\SiSWLSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Tablet.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\mqsvc.exe
E:\WINDOWS\system32\mqtgsvc.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\system32\sistray.EXE
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Keyboard Driver\OEMDriver.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\WINDOWS\system32\ctfmon.exe
D:\program files\Microsoft Office\Office12\ONENOTEM.EXE
E:\Program Files\Logitech\Video\FxSvr2.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Documents and Settings\fiz\Desktop\HiJackThis.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: fdkowvbp - {E82E9D76-F0A8-4286-ADB5-52FFE3E79868} - E:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "E:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] E:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KBDriver] E:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\program files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Utility Tray.lnk = E:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - E:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - E:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BlogJet This! - {A8194303-0DF7-4FB7-8A1D-8EABDC95F88C} - E:\Documents and Settings\yola\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra 'Tools' menuitem: BlogJet This! - {A8194303-0DF7-4FB7-8A1D-8EABDC95F88C} - E:\Documents and Settings\yola\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll,
O21 - SSODL: eqvwamkl - {874C84D3-AB95-4711-82D5-2DD1622C0482} - E:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {51470D6A-CA63-4068-ADE4-7EA2CDD4D08C} - E:\WINDOWS\wnslvxtf.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - E:\WINDOWS\system32\pctspk.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - D:\program files\SiSWLSvc.exe
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - E:\WINDOWS\system32\ZONELABS\vsmon.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///E:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 2: (no name) - https://www.lemonde.fr/
-
-
Bonjour,
Ne fais pas tout en même temps (les scans que tu fais doivent être fait en mode sans échec)
Commence par ceci :
Télécharge SmitfraudFix : http://siri.urz.free.fr/Fix/SmitfraudFix.exe
- Enregistre-le sur le bureau
- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée
- Un rapport sera généré, poste-le dans ta prochaine réponse stp.
Tutoriel ici pour t'aider : http://www.malekal.com//tutorial_SmitFraudfix.php
-
-
razen :
Fais ce que je t'ai indiqué au message 2, c'est à dire ceci :
Télécharge SmitfraudFix : http://siri.urz.free.fr/Fix/SmitfraudFix.exe
- Enregistre-le sur le bureau
- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée
- Un rapport sera généré, poste-le dans ta prochaine réponse stp.
Tutoriel ici pour t'aider : http://www.malekal.com//tutorial_SmitFraudfix.php
-
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
double post, désolé (le forum déconne aujourd'hui...)
-
-
voila
SmitFraudFix v2.332
Scan done at 16:48:22,71, 30/07/2008
Run from E:\Documents and Settings\fiz\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
D:\program files\SiSWLSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Tablet.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\system32\mqsvc.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\mqtgsvc.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\system32\sistray.EXE
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Keyboard Driver\OEMDriver.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
D:\program files\Microsoft Office\Office12\ONENOTEM.EXE
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\Program Files\Logitech\Video\FxSvr2.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\WINDOWS\system32\wscntfy.exe
D:\program files\firefox.exe
E:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» E:\
»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\fiz
»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\fiz\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\fiz\FAVORI~1
E:\DOCUME~1\fiz\FAVORI~1\Error Cleaner.url FOUND !
E:\DOCUME~1\fiz\FAVORI~1\Privacy Protector.url FOUND !
E:\DOCUME~1\fiz\FAVORI~1\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
E:\DOCUME~1\fiz\Desktop\Error Cleaner.url FOUND !
E:\DOCUME~1\fiz\Desktop\Privacy Protector.url FOUND !
E:\DOCUME~1\fiz\Desktop\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///E:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="https://www.lemonde.fr/"
"SubscribedURL"="https://www.lemonde.fr/"
"FriendlyName"=""
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: nfavxwdbbfk.dll
BHO: QXK Olive - {2FAD2D0E-8EDC-42D5-99DD-CF65D2D89B22}
TypeLib: {8ACD7E96-7007-4E40-B63D-A940B8870EA0}
Interface: {C6911E56-9377-4586-AEA1-CCAE94ACE0F3}
Interface: {EDC19163-AA7A-4C44-ACF4-A06676DCF9B2}
[!] Suspicious: fdkowvbp.dll
Toolbar: fdkowvbp - {E82E9D76-F0A8-4286-ADB5-52FFE3E79868}
TypeLib: {F7A81A56-A6C9-4BA3-8F41-070C843C2EDE}
Interface: {11D885D0-3D35-4D9A-9BEA-487BAD7A0D2B}
Classe: fdkowvbp.bnlv
Classe: fdkowvbp.ToolBar.1
[!] Suspicious: eqvwamkl.dll
SSODL: eqvwamkl - {874C84D3-AB95-4711-82D5-2DD1622C0482}
[!] Suspicious: wnslvxtf.dll
SSODL: wnslvxtf - {51470D6A-CA63-4068-ADE4-7EA2CDD4D08C}
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="E:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL,avgrsstx.dll,"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="E:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: 802.11g USB 2.0 Wireless LAN Adapter #4 - Packet Scheduler Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
Description: 802.11g USB 2.0 Wireless LAN Adapter #4 - Packet Scheduler Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
Description: 802.11g USB 2.0 Wireless LAN Adapter #4 - Packet Scheduler Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{588020B8-2C10-48E9-B622-FFED7C34660F}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1AEC299-12D1-4CFA-B669-69C283D63D78}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DC7E1188-E953-4C32-869D-B87BDCFFE027}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1C00B563-2F15-4DCA-A473-71E5CE86252B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6C0C4EEE-18ED-4707-AA25-A8534160FCED}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End -
1) Ok, maintenant, démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du PC sans t’arrêter (avant le logo windows)
Un menu va apparaitre, déplace-toi avec les flèches du clavier sur Démarrer en mode sans échec puis tape Entrée.
Une fois sur le bureau, s’il n’y a pas toutes les couleurs et autres, c’est normal !
Relance le programme SmitfraudFix.
Cette fois, choisis l’option 2, répond oui à tous;
A la fin, sauvegarde le rapport, redémarre en mode normal, copie-colle le rapport sauvegardé sur le forum.
2) Pour MalwareByte's, il faut faire le scan en mode sans échec sinon c'est inutile... Je t'envoie la procédure complète :
Lance MalwareBytes et mets le à jour
Redémarre en "Mode sans échec" : redémarre ton ordinateur et tapote sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows, et sélectionne "Mode sans échec".
Choisis ta session habituelle
Lance Malwarebyte's Anti-Malware
- Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
- Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
- A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
- Suppression des éléments détectés --> clique sur Supprimer la sélection
- S'il t'es demandé de redémarrer, clique sur Yes
Poste le rapport de scan après la suppression ici
-
hm,il a pas trop envie de se mettre en mode sans echec (listes interminables, bugs etc..)
-
A quelle étape est-ce que ça bloque ?