problèmes de trojan Fermé

Question

Bonjour,

depuis deux jours , j'essaye en vain de résoudre ce problème de trojan 
J'ai vu que vous pouviez aider et j'espère pouvoir trouver une solution ici

voici le rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:20, on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wanadoo.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [u3y5uhnu] C:\WINDOWS\TEMP\1178E961.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [bios] C:\WINDOWS\system32\bios.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [2b751640] rundll32.exe "C:\WINDOWS\system32\emtpeoej.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-18\..\Run: [xp_system] C:\WINDOWS\message.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [xp_system] C:\WINDOWS\message.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: https://www.google.be/?gws_rd=ssl
O15 - Trusted Zone: http://*.onemansblog.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: czxhbv.dll ackfpc.dll epjzkk.dll jroahx.dll lemfyk.dll nxcqav.dll ebztgk.dll osgdcv.dll ailvge.dll vzkjvv.dll kjqnfa.dll nxzrwj.dll asjwsr.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe

chefpunky · Answer

Bonjour,

pour commencer telecharge MBAM
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware

1.1 met le a jour
 1.2 fait une recherche COMPLETE
  1.3 fai afficher les resultats
   1.4 nettoit tout et poste le rapport ici

^^Marie^^ · Answer

Slt

Il aurait fallu "renommer" l'HT... avant de faire MBAM


Fais un clic droit sur hijackthis, choisis "renommer" marque : PROUT.exe 
Puis remet un rapport stp


Pourquoi renommer HT

Parce que qu'il semble que les infections Vundo aient la particularité de se "cacher" à la détection de HJT proprement dite ou à son analyse : la modification du nom de l'exe pallie ce problème...
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

seh75 · Answer

Merci pour vos réponses 

j'ai fait les manip de chefpunky ... 
et voici le rapport  de MBAM

je fais ce que tu m'as demandé Marie  :)

seh75 · Answer

voici  le rapport après avoir renommé 



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:21, on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrateur\Bureau\PROUT.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wanadoo.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: {3d92b37a-8e05-f238-9774-c52fe935233e} - {e332539e-f25c-4779-832f-50e8a73b29d3} - C:\WINDOWS\system32\gppjns.dll
O2 - BHO: (no name) - {EB4C937F-875F-42B9-9D67-E5860AAA89E5} - C:\WINDOWS\system32\pmnkHBrs.dll
O2 - BHO: (no name) - {FD74A9C4-8067-4BB2-B976-497DCD6CA816} - C:\WINDOWS\system32\urqRKBSL.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [u3y5uhnu] C:\WINDOWS\TEMP\1178E961.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [bios] C:\WINDOWS\system32\bios.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [2b751640] rundll32.exe "C:\WINDOWS\system32\qctyuovw.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [xp_system] C:\WINDOWS\message.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [xp_system] C:\WINDOWS\message.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: https://www.google.be/?gws_rd=ssl
O15 - Trusted Zone: http://*.onemansblog.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: czxhbv.dll ackfpc.dll epjzkk.dll jroahx.dll lemfyk.dll nxcqav.dll ebztgk.dll osgdcv.dll ailvge.dll vzkjvv.dll kjqnfa.dll nxzrwj.dll asjwsr.dll gppjns.dll
O20 - Winlogon Notify: flballoon - fballoon.dll (file missing)
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)
O20 - Winlogon Notify: pmnkHBrs - C:\WINDOWS\SYSTEM32\pmnkHBrs.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe

seh75 · Answer

je suis désolée 
je viens de voir que le rapport de MBAM n'est pas affiché

je vous le remets  et désolée pour les trois posts à la suite ... 


Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1016
Windows 5.1.2600 Service Pack 2

22:22:17 02/08/2008
mbam-log-8-2-2008 (22-22-17).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|)
Eléments examinés: 84534
Temps écoulé: 53 minute(s), 2 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 10
Clé(s) du Registre infectée(s): 34
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 61

Processus mémoire infecté(s):
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\urqRKBSL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dfbbsltk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\emtpeoej.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnkHBrs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\osgdcv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ailvge.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vzkjvv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kjqnfa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32
xzrwj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\asjwsr.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1659b76d-1caa-46b7-b3a5-dcb99ff3be94} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1659b76d-1caa-46b7-b3a5-dcb99ff3be94} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b6682e5-6f88-450b-be73-e121c4bfd346} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b6682e5-6f88-450b-be73-e121c4bfd346} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb4c937f-875f-42b9-9d67-e5860aaa89e5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4c937f-875f-42b9-9d67-e5860aaa89e5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnkhbrs (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3c0b45a2-b798-49d6-b991-04faf90fc268} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f0b83af-1b37-45f5-9e6d-911bfc41631a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{794c296f-8eb3-4c67-a9f2-c893b09c70b8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fc6edd9f-8cfd-43ba-8858-1cf8ff59f076} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6e21241f-55bc-4d2f-b66c-254673cd5a4e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6cc-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1f1fe7fe-7bbd-4948-860c-3323d9d9dac3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7ff920c-a7b7-49b9-9b8f-adcf651f8beb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notifypcc (Trojan.Spammer) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{35b74ec7-b026-47ee-996a-bedcdf8bce09} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{782aec75-98f8-4661-8525-e619be2a50e7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{840b3949-74b4-4536-bd61-8334f8bc7e25} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6305a9fc-3efc-43dc-8dfc-0c2a15c762c2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmo programs (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\instcat (Worm.Locksky) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
tio256 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pe386 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2b751640 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{eb4c937f-875f-42b9-9d67-e5860aaa89e5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqrkbsl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqrkbsl  -> Delete on reboot.

Dossier(s) infecté(s):
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AVM (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\urqRKBSL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\LSBKRqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LSBKRqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asjwsr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dpwcgylj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlygcwpd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfbbsltk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ktlsbbfd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emtpeoej.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jeoeptme.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkHBrs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\osgdcv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ailvge.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vzkjvv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kjqnfa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32
xzrwj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\erqe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wnslvxtf.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\odhbaesb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vehqmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkhtusbf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmtsqyex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xrittvng.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdolvf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fsqdni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjtlkywr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yibjoyrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otlcjw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\exejhm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjgmhjdf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kneokd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jxkbfi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gkshpdyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dqemsl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvkxwwh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
qqiba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUljJax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swpqspnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eqktiiny.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lgtakyxs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dqbgfwrq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\whxahovq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\uwagkibu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\xpspxjuo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Mes documents\Mes archives de conversations\Temporary Internet Files\Content.IE5\KVDAMX1J\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Mes documents\Mes archives de conversations\Temporary Internet Files\Content.IE5\N8RNXQJP\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Mes documents\Mes archives de conversations\Temporary Internet Files\Content.IE5\CZ1O0IYM\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AVM\avm0.dat (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
C:\Program Files\AVM\avm1.dat (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
C:\Program Files\AVM\avm.ooo (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\system1591.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awuoabxf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32pcc.dll (Trojan.Spammer) -> Delete on reboot.
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\INSTALL (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS
favxwdbxqn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

chefpunky · Answer

telecherge navilog

-http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
-installe le
-choisit f ou F
-laisse toi guider
-choisit l' option 1
-et poste le rapport sur ce forum.

seh75 · Answer

voilà  .... 


Search Navipromo version 3.6.1 commencé le 02/08/2008 à 20:34:03,22

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Administrateur" 

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13 
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\BOOMSCUD\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\menud+~1\progra~1" *** 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier Navipromo trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\EOXbdfii.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\LSBKRqru.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 02/08/2008 à 20:42:04,57 ***

seh75 · Answer

que puis-je faire d'autres svp ?  :(

seh75 · Answer

aidez moi svp  :s

seh75 · Answer

je viens d'allumer l'ordi  et j'ai toujours des soucis ...  svp , dites moi ce que je dois faire  :(

^^Marie^^ · Answer

Re


1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse. 

2) Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau à partir de ce lien : 

https://www.malwarebytes.com/ 

3) A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci. 

4) Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation. 

5) Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées. 

6) MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche : 

7) Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse. 

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement. 

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre. 

10) Si des malwares ont été détectés, leur liste s'affiche. 
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 

11) MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs) 

12) Ferme MBAM en cliquant sur Quitter. 

13) Poste le rapport dans ta réponse

seh75 · Answer

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1016
Windows 5.1.2600 Service Pack 2

19:28:15 03/08/2008
mbam-log-8-3-2008 (19-28-15).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 83987
Temps écoulé: 47 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 23
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 51

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mrjjblul.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cobjargu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\atuknuio.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wqbpifvr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\urqRKBSL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jxuodqau.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnkHBrs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\osgdcv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ailvge.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vzkjvv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kjqnfa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\asjwsr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\siaknm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\chpynp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dnnnmvvb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yneoksyq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xxqkljti.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mfmvikkx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ckjovq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32
mkgxaiu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\untlct.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dzxipo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kbzwlx.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29856063-cf18-4336-a52e-eca58436b49b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{29856063-cf18-4336-a52e-eca58436b49b} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1b324ae-1619-4c1d-94c5-9402ceaef024} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b1b324ae-1619-4c1d-94c5-9402ceaef024} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb4c937f-875f-42b9-9d67-e5860aaa89e5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4c937f-875f-42b9-9d67-e5860aaa89e5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnkhbrs (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2b751640 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{eb4c937f-875f-42b9-9d67-e5860aaa89e5} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqrkbsl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqrkbsl  -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\urqRKBSL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\LSBKRqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LSBKRqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckjovq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mrjjblul.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lulbjjrm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cobjargu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ugrajboc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atuknuio.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\oiunkuta.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asovncbm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mbcnvosa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wqbpifvr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32vfipbqw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jxuodqau.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uaqdouxj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkHBrs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\osgdcv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ailvge.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vzkjvv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kjqnfa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\asjwsr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\siaknm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\chpynp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dnnnmvvb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yneoksyq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xxqkljti.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mfmvikkx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32
mkgxaiu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\untlct.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dzxipo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbzwlx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lduoejql.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	tiaanty.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Mes documents\Mes archives de conversations\Temporary Internet Files\Content.IE5\KVDAMX1J\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Mes documents\Mes archives de conversations\Temporary Internet Files\Content.IE5\KVDAMX1J\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP2\A0000016.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP2\A0000017.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP2\A0000018.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP2\A0000019.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP2\A0000020.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP2\A0000021.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP2\A0000022.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP2\A0000023.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP2\A0000024.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP2\A0000025.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP2\A0000026.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP3\A0000031.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{84943B1E-B414-4741-859A-F6435ED4E9D2}\RP3\A0000033.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\combvtvq.dll (Trojan.Vundo) -> Delete on reboot.
C:\INSTALL (Rogue.Multiple) -> Delete on reboot.


merci :)

voici le rapport  ...

seh75 · Answer

up  :s

^^Marie^^ · Answer

Salut

Comment se comporte ton PC ?
relance un log hijackthis

Sehriban · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:19, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Administrateur\Bureau\prout.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wanadoo.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {B3F8FA1E-0FF0-4FAC-B628-9EBD01AA2574} - C:\WINDOWS\system32\urqRKBSL.dll
O2 - BHO: (no name) - {EB4C937F-875F-42B9-9D67-E5860AAA89E5} - C:\WINDOWS\system32\pmnkHBrs.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [u3y5uhnu] C:\WINDOWS\TEMP\1178E961.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [bios] C:\WINDOWS\system32\bios.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [xp_system] C:\WINDOWS\message.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [xp_system] C:\WINDOWS\message.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: https://www.google.be/?gws_rd=ssl
O15 - Trusted Zone: http://*.onemansblog.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: czxhbv.dll ackfpc.dll epjzkk.dll jroahx.dll lemfyk.dll nxcqav.dll ebztgk.dll osgdcv.dll ailvge.dll vzkjvv.dll kjqnfa.dll nxzrwj.dll asjwsr.dll siaknm.dll untlct.dll dzxipo.dll kbzwlx.dll ckjovq.dll dlzkpk.dll bzkfoy.dll jbzplh.dll oopzvj.dll cvyfuz.dll myrxmv.dll tlkbfz.dll
O20 - Winlogon Notify: flballoon - fballoon.dll (file missing)
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)
O20 - Winlogon Notify: pmnkHBrs - C:\WINDOWS\SYSTEM32\pmnkHBrs.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe

^^Marie^^ · Answer

1) Affiche les fichiers et dossiers cachés … 
Pour ce faire, tu vas dans un dossier, par ex. "Mes Images". 
Ensuite, clique sur >
 Outils > Options des dossiers ... 
clique sur l' onglet « Affichage » et ... 
Ou bien 
« Outil »
« Option Internet »
« Avancés »
coche ---> Afficher les fichiers et dossiers cachés 
décoche > Masquer les extensions des fichiers dont le type est connu 
décoche > Masquer les fichiers protégés du système d' exploitation (recommandé). 
« Appliquer » et « OK ».
refaire la manip inverse en fin de désinfection


Télécharges ComboFix à partir d'un de ces liens : 
En premier
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

A lire
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


Si cela ne fonctionne pas
https://forospyware.com 
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/ 

Et important, enregistre le sur le bureau. 

Avant d'utiliser ComboFix : 

&#9658; Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

&#9658; Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil. 


Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

&#9658; Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

&#9658; Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

+ 1 log hijackthis

Sehriban · Answer

ComboFix 08-08-03.03 - Administrateur 2008-08-04 12:07:50.1 - [color=red][b]FAT32[/b][/color]x86 * CrÚation d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE R+CUP+RATION N'EST PAS INSTALL+E SUR CETTE MACHINE !![/b][/color] . [color=red][b] Le Rootkit driver huy32 est présent... tentative de désinfection [/b][/color] [color=blue] huy32 ...... driver dÚchargÚ avec succÞs.[/color] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\install\install.exe C:\Program Files\Seekmo Programs C:\WINDOWS\Downloaded Program Files\UERSV_0001_N68M0602NetInstaller.exe C:\WINDOWS\inet20126 C:\WINDOWS\system32\cgqcqibx.dll C:\WINDOWS\system32\cvhdlifm.ini C:\WINDOWS\system32\dhdhrkof.ini C:\WINDOWS\system32\drivers pf.sys C:\WINDOWS\system32\efijbiog.dll C:\WINDOWS\system32\emuysrbh.ini C:\WINDOWS\system32\EOXbdfii.ini C:\WINDOWS\system32\EOXbdfii.ini2 C:\WINDOWS\system32\fdbkuwlh.dll C:\WINDOWS\system32\fewbgpje.ini C:\WINDOWS\system32\fluvbh.dll C:\WINDOWS\system32\ggfnjbhn.dll C:\WINDOWS\system32\ggongdec.ini C:\WINDOWS\system32\ghjchroh.ini C:\WINDOWS\system32\hhmplppl.ini C:\WINDOWS\system32\hlvdddji.ini C:\WINDOWS\system32\hpldakwf.ini C:\WINDOWS\system32\huy32.sys C:\WINDOWS\system32\hxmxbryo.ini C:\WINDOWS\system32\irugwdns.ini C:\WINDOWS\system32\jrrceolq.ini C:\WINDOWS\system32\ktvtgsix.ini C:\WINDOWS\system32\ljktnmdw.ini C:\WINDOWS\system32\LSBKRqru.ini C:\WINDOWS\system32\LSBKRqru.ini2 C:\WINDOWS\system32\lslwuogc.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mjcofrqy.ini C:\WINDOWS\system32\msmmftgq.dll C:\WINDOWS\system32 hfekefj.ini C:\WINDOWS\system32 yvvsuqc.ini C:\WINDOWS\system32\ojvwatym.ini C:\WINDOWS\system32\okdeunrx.ini C:\WINDOWS\system32\Packet.dll C:\WINDOWS\system32\pmnkHBrs.dll C:\WINDOWS\system32\pnfnnnma.ini C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\qixsjdfb.ini C:\WINDOWS\system32\qvtvbmoc.ini C:\WINDOWS\system32 eewbj.dll C:\WINDOWS\system32\sijoueva.ini C:\WINDOWS\system32 dqtqesy.ini C:\WINDOWS\system32 ioqekse.ini C:\WINDOWS\system32 syefjvv.ini C:\WINDOWS\system32 woalglg.ini C:\WINDOWS\system32\ucbhjvbv.ini C:\WINDOWS\system32\ufootg.dll C:\WINDOWS\system32\uiaxgkmn.ini C:\WINDOWS\system32\urqRKBSL.dll C:\WINDOWS\system32\WanPacket.dll C:\WINDOWS\system32\wpcap.dll C:\WINDOWS\system32\wvouytcq.ini C:\WINDOWS\system32\xeyxdwfp.ini C:\WINDOWS\system32\xkpbyz.dll C:\WINDOWS\system32\yefbhu.dll C:\WINDOWS\system32\yigilluf.dll C:\WINDOWS\system32\ysdfhgrg.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Legacy_NTIO256 -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 ))))))))))))))))))))))))))))))) . 2008-08-04 10:05 . 2008-08-04 10:05 d-------- C:\Documents and Settings\NetworkService\Mes documents 2008-08-03 22:17 . 2008-08-03 22:17 130,432 --------- C:\WINDOWS\system32\ckjovq.dll 2008-08-03 21:01 . 2008-08-03 21:01 d-------- C:\VundoFix Backups 2008-08-03 20:18 . 2008-08-03 20:18 130,432 --------- C:\WINDOWS\system32\oopzvj.dll 2008-08-03 20:18 . 2008-08-03 20:18 130,432 --------- C:\WINDOWS\system32\jbzplh.dll 2008-08-03 20:18 . 2008-08-03 20:18 130,432 --------- C:\WINDOWS\system32\cvyfuz.dll 2008-08-03 20:14 . 2008-08-03 20:14 130,432 --------- C:\WINDOWS\system32\myrxmv.dll 2008-08-03 19:13 . 2008-08-03 19:13 130,432 --------- C:\WINDOWS\system32\dlzkpk.dll 2008-08-03 19:13 . 2008-08-03 19:13 130,432 --------- C:\WINDOWS\system32\bzkfoy.dll 2008-08-02 22:37 . 2008-08-02 22:37 d-------- C:\Program Files\Navilog1 2008-08-02 22:26 . 2008-08-01 04:33 d-------- C:\SDFix 2008-08-02 22:25 . 2008-08-02 22:25 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-02 22:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-02 22:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-02 22:24 . 2008-08-02 22:24 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-02 22:24 . 2008-08-02 22:24 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-02 22:05 . 2008-08-02 22:05 130,432 --------- C:\WINDOWS\system32\ailvge.dll 2008-08-02 22:03 . 2008-08-02 22:03 130,432 --------- C:\WINDOWS\system32\asjwsr.dll 2008-08-02 22:02 . 2008-08-02 22:03 d-------- C:\WINDOWS\system32\NtmsData 2008-08-02 22:02 . 2008-08-02 22:01 4,196 ---hs---- C:\WINDOWS\system32\xlvopmxq.ini 2008-08-02 22:01 . 2008-08-02 22:01 130,432 --------- C:\WINDOWS\system32\vzkjvv.dll 2008-08-02 22:01 . 2008-08-02 22:02 4,436 ---hs---- C:\WINDOWS\system32\fxbaouwa.ini 2008-08-02 22:01 . 2008-08-02 21:58 4,076 ---hs---- C:\WINDOWS\system32\fhvyjxwj.ini 2008-08-02 22:00 . 2008-08-02 22:00 d--hs---- C:\FOUND.114 2008-08-02 21:59 . 2008-08-02 21:59 130,432 --------- C:\WINDOWS\system32\siaknm.dll 2008-08-02 21:59 . 2008-08-02 21:59 130,432 --------- C:\WINDOWS\system32\kjqnfa.dll 2008-08-02 21:58 . 2008-08-02 21:58 130,432 --------- C:\WINDOWS\system32\osgdcv.dll 2008-08-01 22:39 . 2008-08-01 22:39 129,920 --a------ C:\WINDOWS\system32 lhyainb.dll 2008-08-01 22:39 . 2008-08-01 22:39 129,920 --a------ C:\WINDOWS\system32\ebztgk.dll 2008-08-01 22:00 . 2008-08-01 22:00 129,920 --a------ C:\WINDOWS\system32\jlkaddxy.dll 2008-08-01 22:00 . 2008-08-01 22:00 129,920 --a------ C:\WINDOWS\system32\epjzkk.dll 2008-08-01 21:59 . 2008-08-01 21:59 129,920 --a------ C:\WINDOWS\system32\wwjbkruh.dll 2008-08-01 21:59 . 2008-08-01 21:59 129,920 --a------ C:\WINDOWS\system32 xcqav.dll 2008-08-01 21:59 . 2008-08-01 21:59 129,920 --a------ C:\WINDOWS\system32\lemfyk.dll 2008-08-01 21:59 . 2008-08-01 21:59 129,920 --a------ C:\WINDOWS\system32\jcipcuuh.dll 2008-08-01 21:57 . 2008-08-01 21:56 129,920 --a------ C:\WINDOWS\system32\jroahx.dll 2008-08-01 21:56 . 2008-08-01 21:56 129,920 --a------ C:\WINDOWS\system32\miuyclpt.dll 2008-07-31 21:34 . 2008-07-31 21:34 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-07-31 21:30 . 2008-07-31 21:30 129,920 --a------ C:\WINDOWS\system32\hjdgieja.dll 2008-07-31 21:30 . 2008-07-31 21:30 129,920 --a------ C:\WINDOWS\system32\ackfpc.dll 2008-07-31 21:27 . 2008-07-31 21:27 129,920 --a------ C:\WINDOWS\system32\fmlcginu.dll 2008-07-31 21:27 . 2008-07-31 21:27 129,920 --a------ C:\WINDOWS\system32\czxhbv.dll 2008-07-05 21:44 . 2008-07-05 21:44 d-------- C:\Program Files\Enigma Software Group 2008-07-05 21:29 . 2008-07-05 21:29 d-------- C:\Program Files\Zattoo 2008-07-05 21:24 . 2008-07-05 21:24 d--hs---- C:\FOUND.112 2008-07-05 21:24 . 2008-07-05 21:24 d--hs---- C:\FOUND.111 2008-07-05 21:24 . 2008-07-05 21:24 d--hs---- C:\FOUND.110 2008-07-05 21:24 . 2008-07-05 21:24 d--hs---- C:\FOUND.109 2008-07-05 21:24 . 2008-07-05 21:24 d--hs---- C:\FOUND.108 2008-07-05 21:24 . 2008-07-05 21:24 d--hs---- C:\FOUND.107 2008-07-05 21:24 . 2008-07-05 21:24 d--hs---- C:\FOUND.106 2008-07-05 21:24 . 2008-07-05 21:24 d--hs---- C:\FOUND.105 2008-07-05 21:23 . 2008-07-05 21:23 d--hs---- C:\FOUND.113 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-01-22 18:31 370,312 ----a-w C:\Documents and Settings\Administrateur\jre-6-windows-i586-iftw.exe 2007-01-22 18:31 13,170,312 ----a-w C:\Documents and Settings\Administrateur\jre-6-windows-i586.exe 2005-09-21 22:09 21 ----a-w C:\Program Files\AVPersonalAVWIN.INI . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08 4670968] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "LXBSCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-08 16:24 61440] "MemoryCardManager"="C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe" [2004-02-02 13:58 139264] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-31 21:31 266497] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "BigDog305"="C:\WINDOWS\VM305_STI.EXE" [2005-08-05 15:15 61440] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= ctwdm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Paltalk Messenger\paltalk.exe"= "C:\Program Files\Yahoo!\Messenger\YServer.exe"= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"= "C:\Program Files\LimeWire\LimeWire.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp"= "C:\Program Files\Skype\Phone\Skype.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "50791:TCP"= 50791:TCP:@xpsp2res.dll,-22005 "36402:TCP"= 36402:TCP:@xpsp2res.dll,-22005 "11537:TCP"= 11537:TCP:@xpsp2res.dll,-22005 "56556:TCP"= 56556:TCP:@xpsp2res.dll,-22005 R2 TTDec;ATI WDM Teletext Decoder (Microsoft);C:\WINDOWS\system32\DRIVERS\ati1TTXX.sys [2004-08-03 22:29] R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 00:38] R3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2005-09-23 10:35] S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53] . - - - - ORPHANS REMOVED - - - - HKLM-Run-QuickTime Task - C:\Program Files\QuickTime\qttask.exe HKU-Default-Run-xp_system - C:\WINDOWS\message.exe Notify-mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll Notify-flballoon - fballoon.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.mha\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 12:05:58 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\OMSCAN] "ImagePath"="\Sys" . ------------------------ Other Running Processes ------------------------ . C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE C:\WINDOWS\system32\devldr32.exe C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe C:\Program Files\Paltalk Messenger\paltalk.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\imapi.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************** . Completion time: 2008-08-04 12:09:42 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-04 10:09:26 Pre-Run: 2,095,497,216 octets libres Post-Run: 2,031,468,544 octets libres 224 --- E O F --- 2008-01-15 18:48:33 ______________________________________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:18, on 04/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\VM305_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Paltalk Messenger\paltalk.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32 otepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Bureau\prout.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wanadoo.fr:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: https://www.google.be/?gws_rd=ssl O15 - Trusted Zone: http://*.onemansblog.com O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe

Problèmes de trojan

17 réponses

Discussions similaires

Newsletters