Sujet Précédent Sujet Suivant

Supression de smart antivirus 2009

Fermé
jojo - 7 sept. 2008 à 01:15
 Utilisateur anonyme - 10 sept. 2008 à 02:02
Bonjour,

me voilà aussi infecté par ce virus.

j'ai fais une analyse avec smitfraudfix .
je vous la met ci dessous.
De plus, j'ai essayé de lancer avant Hijack This, mais je ne peux pas le lancer car je n'est pas le .dll suivant : MSVBVM60.Dll

Merci pour votre aide.


josselin


SmitFraudFix v2.346

Rapport fait à 22:59:45,94, 06/09/2008
Executé à partir de C:\Documents and Settings\jojo\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Utilitaire\Babylon\Babylon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcccrj0er77.exe
C:\Windows\system32\YUR28.exe
C:\Windows\system32\YUR29.exe
C:\Windows\system32\YUR2A.exe
C:\Windows\system32\YUR2F.exe
C:\Program Files\MSA\MSA.exe
C:\Windows\system32\YUR51.exe
C:\Documents and Settings\jojo\Application Data\Adobe\Manager.exe
C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\jojo\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\pphcccrj0er77.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jojo\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\1.ico PRESENT !
C:\WINDOWS\system32\2.ico PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jojo


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jojo\Application Data

C:\Documents and Settings\jojo\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\jojo\MENUDM~1\PROGRA~1\Smart Antivirus 2009 PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jojo\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\jojo\Bureau\Smart Antivirus-2009.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\PCHealthCenter\ PRESENT !
C:\Program Files\Smart Antivirus 2009\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/jojo/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/jojo/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: vanwxemgdfk.dll
BHO: QXK Olive - {9EED0EF0-103A-4C1B-A115-F39879368545}
TypeLib: {952FD5EC-C7C9-432B-A380-134D2809852C}
Interface: {22EB23D5-F582-4B38-8F8B-22ABDB8F7730}
Interface: {596090F2-124A-4A7E-95C0-B3D9CBB47026}
+--------------------------------------------------+
[!] Suspicious: vanwxemggfb.dll
BHO: QXK Olive - {AF57398C-E09D-4229-B2D5-12E909DCC730}
TypeLib: {6DA06CEE-C3B8-4EA1-A29F-0212470F00FC}
Interface: {23E0807B-33BA-4D75-970F-D4BB67290CCE}
Interface: {5309604A-F274-46F0-874D-4405B97CCC4C}


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="fiilwn.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
A voir également:

19 réponses

Réponse 1 / 19
Utilisateur anonyme
10 sept. 2008 à 02:02
Les anti-virus et peut importe celui que tu utilises, auront un train de retard, au moment ou le "virus" est créé et "distrubué" sur le net et sa détection il se passe un certain temps. Selon l'anti-virus utilisé, l'éditeur sera plus ou moins rapide à l'intégré à sa base virale et donc le détecter.

Garde ton Windows est ton anti-virus à jour. Vérifie que ton pare-feu est correctement configuré.
Ensuite, je te conseille de faire un scan anti-virus en ligne tous les mois, cela complétera l'analyse de ton anti-virus actuel. Puis de mettre à jour toutes les semaines tes anti-spywares afin de faire un scan rapide de ton système. Ils compléteront la fonction de ton anti-virus.

N'oublie pas de nettoyer régulièrement tes fichiers temporaires et ton registre. Puis si l'envie t'en dit de changer d'anti-virus, il en existe des gratuits pas moins efficace que celui que tu as actuellement, mais ça, c'est toi qui fera le choix ou non d'en changer, je te laisse libre de tes choix :-)
2
Réponse 2 / 19
assamann Messages postés 139 Date d'inscription samedi 17 mai 2008 Statut Membre Dernière intervention 5 octobre 2008 19
7 sept. 2008 à 01:21
salut telecharge Malwarebytes' Anti-Malware ( https://www.01net.com/telecharger/windows/Securite/anti-spam/fiches/44096.html ) la version est gratuit ! fai un scan complet si sa trouve une infection suprime et apres tu reffet un scan rapide o cas ou ! si ta un souci nesite pa a+
1
Réponse 3 / 19
jojo
7 sept. 2008 à 13:53
merci pour vos conseil

voici le rapport smitfraudfix:


SmitFraudFix v2.346

Rapport fait à 10:27:44,12, 07/09/2008
Executé à partir de C:\Documents and Settings\jojo\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\vanwxemgdfk.dll deleted.
C:\WINDOWS\vanwxemggfb.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\1.ico supprimé
C:\WINDOWS\system32\2.ico supprimé
C:\Documents and Settings\jojo\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk supprimé
C:\DOCUME~1\jojo\MENUDM~1\PROGRA~1\Smart Antivirus 2009 supprimé
C:\DOCUME~1\jojo\Bureau\Smart Antivirus-2009.lnk supprimé
C:\Program Files\PCHealthCenter\ supprimé
C:\Program Files\Smart Antivirus 2009\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{250F7979-A5D7-40F7-8250-03DF4F59B078}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{250F7979-A5D7-40F7-8250-03DF4F59B078}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 4 / 19
jojo
7 sept. 2008 à 13:54
voici le rapport malwarebytes:

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1122
Windows 5.1.2600 Service Pack 3

07/09/2008 13:17:56
mbam-log-2008-09-07 (13-17-56).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 85521
Temps écoulé: 35 minute(s), 12 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 43
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 93

Processus mémoire infecté(s):
C:\WINDOWS\system32\YURD.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\lphcccrj0er77.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cbXPhhGY.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nhapdptc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\daiqkt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awtuvWpO.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1eafaea6-5fdd-4b66-9e58-85296b3fff88} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1eafaea6-5fdd-4b66-9e58-85296b3fff88} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b06b899-e896-4689-b1f4-25f806c30111} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3b06b899-e896-4689-b1f4-25f806c30111} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ac6dc572-628f-425c-a3be-f0b1202bb39e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuvwpo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ac6dc572-628f-425c-a3be-f0b1202bb39e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2016a32c-363c-4c3b-b244-6f9ce22817ef} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2016a32c-363c-4c3b-b244-6f9ce22817ef} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e3220e77-2cf5-3361-879d-6fab0da9a069} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9c38027e-22ba-3149-97ff-6823c9e30ca7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a46840bd-b856-3d4c-b6fe-8d26227b2d7d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a46840bd-b856-3d4c-b6fe-8d26227b2d7d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc9crj0er77 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc9crj0er77 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc6db468 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ac6dc572-628f-425c-a3be-f0b1202bb39e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur28.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur51.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur67.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur69.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur28.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur51.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur67.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur69.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Run (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmcf5e87f4 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcccrj0er77 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxphhgy -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxphhgy -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\rhc9crj0er77 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\rhc9crj0er77 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\daiqkt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbXPhhGY.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\YGhhPXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YGhhPXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtuvWpO.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nhapdptc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ctpdpahn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sgacxdcj.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\YURD.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\QFSUGI81\c5ro[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\XPWWRBMW\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\XPWWRBMW\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.exe (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlJcdB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqsoriab.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRjjKC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRLddd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmlKAs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCttRK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rmfvuywg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqdbmopa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\difour.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyxxXp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fiilwn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\egswxshw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eseguf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwUmnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jamkvelo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jhvgfdcm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmx98181.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\MSa.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnKcYoP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pojqpplb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pypgqspn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qhywwhtk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmpynrue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmzpjm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\scajbagr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqPhhHX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tcgpfyuj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olddgroc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcyecrlm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\whynfgeu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ldyfmbma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jwjtiq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jxvxqgar.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xpwbgaiq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xybylvgh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yghjktjx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ynpknnib.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YURE.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mx98181.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnhjeq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rcalkipa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hpalllwm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edkxduna.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efcBrRhi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcDTMCT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdgdxmwl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ttqmqxlu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unguavxg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\rhc9crj0er77\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9crj0er77\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9crj0er77\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9crj0er77\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9crj0er77\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9crj0er77\rhc9crj0er77.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Application Data\Adobe\Manager.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hfyoksvs.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXOHAQJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcDssRk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnomNec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtrQhhg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXQHbaB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcBTjhH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifgEvVl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJAPgfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJYQIYQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUoMGxu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMcf5e87f4.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMcf5e87f4.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfExXqR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUkIArq.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcccrj0er77.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Bureau\MS Antivirus.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\jojo\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
jojo
7 sept. 2008 à 13:56
et pour finir voici le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:54, on 07/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Utilitaire\Babylon\Babylon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\jojo\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {910f579f-9fcb-9588-33c4-01e7142bb382} - {283bb241-7e10-4c33-8859-bcf9f975f019} - C:\WINDOWS\system32\fnhjeq.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\utilitairel\Realone Player\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: QXK Olive - {9EED0EF0-103A-4C1B-A115-F39879368545} - C:\WINDOWS\vanwxemgdfk.dll (file missing)
O2 - BHO: QXK Olive - {AF57398C-E09D-4229-B2D5-12E909DCC730} - C:\WINDOWS\vanwxemggfb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Utilitaire\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] doskeys.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services5] dllhosts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - D:\Program Files\Vector NTI Advance 10\Ncbi.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: fnhjeq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
Réponse 6 / 19
jojo
7 sept. 2008 à 21:40
et voici le hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:14, on 07/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Framakey\Apps\portableFirefox3\firefox\firefox.exe
C:\Documents and Settings\jojo\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMcf5e87f4] Rundll32.exe "C:\WINDOWS\system32\fxsqusna.dll",s
O4 - HKLM\..\Run: [cc6db468] rundll32.exe "C:\WINDOWS\system32\mxwnpkyw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\jojo\Application Data\Adobe\Manager.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] doskeys.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services5] dllhosts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - D:\Program Files\Vector NTI Advance 10\Ncbi.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: fnhjeq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
Réponse 7 / 19
jojo
7 sept. 2008 à 21:48
voici le VBG:


[09/07/2008, 21:41:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\jojo\Bureau\VirtumundoBeGone.exe" )
[09/07/2008, 21:41:42] - Detected System Information:
[09/07/2008, 21:41:42] - Windows Version: 5.1.2600, Service Pack 3
[09/07/2008, 21:41:42] - Current Username: jojo (Admin)
[09/07/2008, 21:41:42] - Windows is in NORMAL mode.
[09/07/2008, 21:41:42] - Searching for Browser Helper Objects:
[09/07/2008, 21:41:42] - BHO 1: {283bb241-7e10-4c33-8859-bcf9f975f019} ()
[09/07/2008, 21:41:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/07/2008, 21:41:42] - Checking for HKLM\...\Winlogon\Notify\fnhjeq
[09/07/2008, 21:41:42] - Key not found: HKLM\...\Winlogon\Notify\fnhjeq, continuing.
[09/07/2008, 21:41:42] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[09/07/2008, 21:41:42] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/07/2008, 21:41:42] - BHO 4: {98672103-AFBE-4434-92D2-692A124CD60F} ()
[09/07/2008, 21:41:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/07/2008, 21:41:43] - Checking for HKLM\...\Winlogon\Notify\awtutqNh
[09/07/2008, 21:41:43] - Found: HKLM\...\Winlogon\Notify\awtutqNh - This is probably Virtumundo.
[09/07/2008, 21:41:43] - Assigning {98672103-AFBE-4434-92D2-692A124CD60F} MSEvents Object
[09/07/2008, 21:41:43] - BHO list has been changed! Starting over...
[09/07/2008, 21:41:43] - BHO 1: {283bb241-7e10-4c33-8859-bcf9f975f019} ()
[09/07/2008, 21:41:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/07/2008, 21:41:43] - Checking for HKLM\...\Winlogon\Notify\fnhjeq
[09/07/2008, 21:41:43] - Key not found: HKLM\...\Winlogon\Notify\fnhjeq, continuing.
[09/07/2008, 21:41:43] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[09/07/2008, 21:41:43] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/07/2008, 21:41:43] - BHO 4: {98672103-AFBE-4434-92D2-692A124CD60F} (MSEvents Object)
[09/07/2008, 21:41:43] - ALERT: Found MSEvents Object!
[09/07/2008, 21:41:43] - BHO 5: {9EED0EF0-103A-4C1B-A115-F39879368545} (QXK Olive)
[09/07/2008, 21:41:43] - BHO 6: {AF57398C-E09D-4229-B2D5-12E909DCC730} (QXK Olive)
[09/07/2008, 21:41:43] - BHO 7: {C463267F-9E61-47C2-8560-0B9306DED26B} ()
[09/07/2008, 21:41:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/07/2008, 21:41:43] - Checking for HKLM\...\Winlogon\Notify\opnoLebA
[09/07/2008, 21:41:43] - Key not found: HKLM\...\Winlogon\Notify\opnoLebA, continuing.
[09/07/2008, 21:41:43] - Finished Searching Browser Helper Objects
[09/07/2008, 21:41:43] - *** Detected MSEvents Object
[09/07/2008, 21:41:43] - Trying to remove MSEvents Object...
[09/07/2008, 21:41:44] - Terminating Process: IEXPLORE.EXE
[09/07/2008, 21:41:44] - Terminating Process: RUNDLL32.EXE
[09/07/2008, 21:41:44] - Disabling Automatic Shell Restart
[09/07/2008, 21:41:44] - Terminating Process: EXPLORER.EXE
[09/07/2008, 21:41:45] - Suspending the NT Session Manager System Service
[09/07/2008, 21:41:45] - Terminating Windows NT Logon/Logoff Manager
[09/07/2008, 21:41:45] - Re-enabling Automatic Shell Restart
[09/07/2008, 21:41:45] - File to disable: C:\WINDOWS\system32\awtutqNh.dll
[09/07/2008, 21:41:45] - Renaming C:\WINDOWS\system32\awtutqNh.dll -> C:\WINDOWS\system32\awtutqNh.dll.vir
[09/07/2008, 21:41:45] - File successfully renamed!
[09/07/2008, 21:41:45] - Removing HKLM\...\Browser Helper Objects\{98672103-AFBE-4434-92D2-692A124CD60F}
[09/07/2008, 21:41:45] - Removing HKCR\CLSID\{98672103-AFBE-4434-92D2-692A124CD60F}
[09/07/2008, 21:41:45] - Adding Kill Bit for ActiveX for GUID: {98672103-AFBE-4434-92D2-692A124CD60F}
[09/07/2008, 21:41:45] - Deleting ATLEvents/MSEvents Registry entries
[09/07/2008, 21:41:45] - Removing HKLM\...\Winlogon\Notify\awtutqNh
[09/07/2008, 21:41:45] - Searching for Browser Helper Objects:
[09/07/2008, 21:41:46] - BHO 1: {283bb241-7e10-4c33-8859-bcf9f975f019} ()
[09/07/2008, 21:41:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/07/2008, 21:41:46] - Checking for HKLM\...\Winlogon\Notify\fnhjeq
[09/07/2008, 21:41:46] - Key not found: HKLM\...\Winlogon\Notify\fnhjeq, continuing.
[09/07/2008, 21:41:46] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[09/07/2008, 21:41:46] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/07/2008, 21:41:46] - BHO 4: {9EED0EF0-103A-4C1B-A115-F39879368545} (QXK Olive)
[09/07/2008, 21:41:46] - BHO 5: {AF57398C-E09D-4229-B2D5-12E909DCC730} (QXK Olive)
[09/07/2008, 21:41:46] - BHO 6: {C463267F-9E61-47C2-8560-0B9306DED26B} ()
[09/07/2008, 21:41:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/07/2008, 21:41:46] - Checking for HKLM\...\Winlogon\Notify\opnoLebA
[09/07/2008, 21:41:46] - Key not found: HKLM\...\Winlogon\Notify\opnoLebA, continuing.
[09/07/2008, 21:41:46] - Finished Searching Browser Helper Objects
[09/07/2008, 21:41:46] - Finishing up...
[09/07/2008, 21:41:46] - A restart is needed.
[09/07/2008, 21:41:55] - Attempting to Restart via STOP error (Blue Screen!)
0
Réponse 8 / 19
jojo
7 sept. 2008 à 21:49
et voici un nouveau rapport hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:14, on 07/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Framakey\Apps\portableFirefox3\firefox\firefox.exe
C:\Documents and Settings\jojo\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cc6db468] rundll32.exe "C:\WINDOWS\system32\mxwnpkyw.dll",b
O4 - HKLM\..\Run: [BMcf5e87f4] Rundll32.exe "C:\WINDOWS\system32\dkkgpacy.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\jojo\Application Data\Adobe\Manager.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] doskeys.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services5] dllhosts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - D:\Program Files\Vector NTI Advance 10\Ncbi.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: fnhjeq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
Réponse 9 / 19
jojo
8 sept. 2008 à 12:21
merci pour tout,

tout fonctionne plus de virus j'ai relancé Malwarebytes' Anti-Malware et il ne trouve plus rien
google veut bien fonctionné de nouveau et les mises à jours de windows sont réglables.


bonne journée,

josselin
0
Réponse 10 / 19
jojo
8 sept. 2008 à 18:20
voici le rapport:

DiagHelp version v1.4 - http://www.malekal.com
excute le 08/09/2008 à 17:46:38,62


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->08/09/2008 17:46:05
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->08/09/2008 17:45:58
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->08/09/2008 17:44:47
C:\WINDOWS\prefetch\PORTABLEFIREFOX.EXE-1905D7D8.pf -->08/09/2008 17:43:42
C:\WINDOWS\prefetch\FIREFOX.EXE-077A0061.pf -->08/09/2008 17:43:39
C:\WINDOWS\prefetch\THUNDERBIRD.EXE-135C6213.pf -->08/09/2008 17:43:38
C:\WINDOWS\prefetch\PORTABLETHUNDERBIRD2.EXE-1729A646.pf -->08/09/2008 17:43:37
C:\WINDOWS\prefetch\RUNDLL32.EXE-4EE39BB6.pf -->08/09/2008 17:42:43
C:\WINDOWS\prefetch\WINWORD.EXE-2338C067.pf -->08/09/2008 15:01:01
C:\WINDOWS\prefetch\ACROBAT.EXE-0CA9D55B.pf -->08/09/2008 14:59:44

C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->02/09/2008 00:16:46
C:\WINDOWS\System32\drivers\mbam.sys -->02/09/2008 00:16:40
C:\WINDOWS\System32\drivers\tcpip.sys -->20/06/2008 13:51:12
C:\WINDOWS\System32\drivers\afd.sys -->20/06/2008 13:40:08
C:\WINDOWS\System32\drivers\tcpip6.sys -->20/06/2008 13:08:27
C:\WINDOWS\System32\drivers\bthport.sys -->14/06/2008 19:33:37
C:\WINDOWS\System32\drivers\rmcast.sys -->08/05/2008 16:02:52

C:\WINDOWS\System32\Monitored2.dat -->08/09/2008 17:45:18
C:\WINDOWS\System32\wpa.dbl -->08/09/2008 09:07:12
C:\WINDOWS\System32\c74e7016-.txt -->07/09/2008 22:31:20
C:\WINDOWS\System32\dkkgpacy.dll -->07/09/2008 21:45:38
C:\WINDOWS\System32\wykpnwxm.ini -->07/09/2008 21:45:05
C:\WINDOWS\System32\fxsqusna.dll -->07/09/2008 21:30:58
C:\WINDOWS\System32\exylrwtf.ini -->07/09/2008 21:30:27
C:\WINDOWS\System32\xqjjffhc.dll -->07/09/2008 17:44:59
C:\WINDOWS\System32\awtutqNh.dll.vir -->07/09/2008 17:38:49
C:\WINDOWS\System32\ragqxvxj.ini -->07/09/2008 12:42:32
C:\WINDOWS\System32\flrqexwq.dll -->07/09/2008 10:43:22
C:\WINDOWS\System32\grukpfmn.ini -->07/09/2008 10:42:46
C:\WINDOWS\System32\tmp.txt -->07/09/2008 10:28:08
C:\WINDOWS\System32\tmp.reg -->07/09/2008 10:28:08
C:\WINDOWS\System32\bsnuhhsm.ini -->06/09/2008 21:28:31
C:\WINDOWS\System32\adtjnnwv.ini -->06/09/2008 21:07:34
C:\WINDOWS\System32\qlrjvlpd.ini -->06/09/2008 10:59:27
C:\WINDOWS\System32\xygmubpe.ini -->06/09/2008 10:56:51
C:\WINDOWS\System32\Monitored3.dat -->05/09/2008 11:29:23
C:\WINDOWS\System32\pclhqjej.ini -->05/09/2008 08:18:35
C:\WINDOWS\System32\oykjgbsl.ini -->05/09/2008 07:55:34
C:\WINDOWS\System32\hcppduti.ini -->04/09/2008 21:57:46
C:\WINDOWS\System32\csnjxmus.ini -->04/09/2008 21:07:59
C:\WINDOWS\System32\daflfecb.ini -->04/09/2008 10:42:59
C:\WINDOWS\System32\hqhvouuq.ini -->04/09/2008 08:34:59

C:\WINDOWS\wiadebug.log -->08/09/2008 13:49:47
C:\WINDOWS\WindowsUpdate.log -->08/09/2008 12:13:57
C:\WINDOWS\0.log -->08/09/2008 09:07:00
C:\WINDOWS\wiaservc.log -->08/09/2008 09:06:58
C:\WINDOWS\bootstat.dat -->08/09/2008 09:06:28
C:\WINDOWS\SchedLgU.Txt -->08/09/2008 00:10:32
C:\WINDOWS\setupapi.log -->07/09/2008 23:02:36
C:\WINDOWS\ntbtlog.txt -->07/09/2008 21:27:12
C:\WINDOWS\setupact.log -->07/09/2008 12:44:28
C:\WINDOWS\win.ini -->06/09/2008 21:20:54
C:\WINDOWS\system.ini -->06/09/2008 21:20:54
C:\WINDOWS\tsoc.log -->14/08/2008 11:11:37
C:\WINDOWS\tabletoc.log -->14/08/2008 11:11:37
C:\WINDOWS\ocmsn.log -->14/08/2008 11:11:37
C:\WINDOWS\ocgen.log -->14/08/2008 11:11:37

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 2316
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll
0x10000000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.dll
0x02cf0000 0xa000 7.00.0000.0000 C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.FRA
0x4eb80000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll
0x03830000 0x4e000 7.00.0005.0172 C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.fra
0x02830000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x03020000 0x2e000 C:\Program Files\WinRAR\rarext.dll
0x02a60000 0xb400 10.00.0000.0359 C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 1880
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x10000 6.14.0010.4118 C:\WINDOWS\system32\Ati2evxx.dll
0x01400000 0x3b000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x01610000 0x1e000 9.00.0002.0011 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
0x51650000 0xc400 10.00.0000.0359 C:\WINDOWS\system32\NavLogon.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CC6D-B4C7

Répertoire de C:\WINDOWS\system

10/09/1999 12:06 4 672 WOWPOST.EXE
1 fichier(s) 4 672 octets
0 Rép(s) 8 472 113 152 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CC6D-B4C7

Répertoire de C:\WINDOWS\system32

14/04/2008 04:33 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 8 472 113 152 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CC6D-B4C7

Répertoire de C:\WINDOWS\Downloaded Program Files

18/07/2008 10:52 <REP> .
18/07/2008 10:52 <REP> ..
28/12/2007 23:06 65 desktop.ini
20/01/2000 16:25 1 162 Microsoft XML Parser for Java.osd
29/08/2003 15:55 2 136 WMAVAX.inf
30/06/2003 23:41 1 689 WMV9VCM.inf
30/07/2007 20:24 293 wuweb.inf
5 fichier(s) 5 345 octets

Total des fichiers listés :
5 fichier(s) 5 345 octets
2 Rép(s) 8 472 109 056 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\utilitairel\\Realone Player\\realplay.exe"="C:\\Program Files\\utilitairel\\Realone Player\\realplay.exe:*:Enabled:RealPlayer"
"D:\\Program Files\\Framakey\\Apps\\PortableVLC\\vlc\\vlc.exe"="D:\\Program Files\\Framakey\\Apps\\PortableVLC\\vlc\\vlc.exe:*:Enabled:VLC media player"
"D:\\Program Files\\Vector NTI Advance 10\\Vector NTI 10.exe"="D:\\Program Files\\Vector NTI Advance 10\\Vector NTI 10.exe:*:Enabled:Vector NTI 10.0.1"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\\Program Files\\adslTV\\adsltv.exe"="D:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Utilitaire\\iTunes\\iTunes.exe"="C:\\Program Files\\Utilitaire\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 17:48:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
172 - ati2evxx.exe
244 - svchost.exe
308 - svchost.exe
524 - svchost.exe
580 - EvtEng.exe
700 - S24EvMon.exe
768 - AppleMobileDevi
824 - mDNSResponder.e
860 - cvpnd.exe
940 - cmd.exe
1064 - svchost.exe
1088 - svchost.exe
1092 - iTunesHelper.ex
1628 - spoolsv.exe
1660 - 1XConfig.exe
1680 - alg.exe
1744 - svchost.exe
1816 - Rtvscan.exe
1820 - ZCfgSvc.exe
1848 - csrss.exe
1880 - winlogon.exe
1928 - services.exe
1940 - lsass.exe
2124 - ati2evxx.exe
2316 - explorer.exe
2768 - PDVDServ.exe
2876 - ccApp.exe
2904 - VPTray.exe
2948 - ctfmon.exe
3328 - svchost.exe
3800 - vVX3000.exe
3884 - iPodService.exe

Total number of processes = 33
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806D0000 - \WINDOWS\system32\hal.dll
F7A1B000 - \WINDOWS\system32\KDCOM.DLL
F792B000 - \WINDOWS\system32\BOOTVID.dll
F73EB000 - ACPI.sys
F7A1D000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F73DA000 - pci.sys
F751B000 - isapnp.sys
F752B000 - ohci1394.sys
F753B000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
F792F000 - compbatt.sys
F7933000 - \WINDOWS\System32\DRIVERS\BATTC.SYS
F7AE3000 - pciide.sys
F779B000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F73BC000 - pcmcia.sys
F754B000 - MountMgr.sys
F739D000 - ftdisk.sys
F7A1F000 - dmload.sys
F7377000 - dmio.sys
F77A3000 - PartMgr.sys
F755B000 - VolSnap.sys
F735F000 - atapi.sys
F756B000 - disk.sys
F757B000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F733F000 - fltmgr.sys
F732D000 - sr.sys
F7316000 - KSecDD.sys
F7289000 - Ntfs.sys
F725C000 - NDIS.sys
F7242000 - Mup.sys
F76EB000 - \SystemRoot\System32\DRIVERS\intelppm.sys
F79E3000 - \SystemRoot\System32\DRIVERS\CmBatt.sys
F7081000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys
F706D000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F784B000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F7049000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F7853000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F76FB000 - \SystemRoot\System32\DRIVERS\bcm4sbxp.sys
F770B000 - \SystemRoot\System32\DRIVERS\nic1394.sys
F7035000 - \SystemRoot\System32\DRIVERS\sdbus.sys
F6D12000 - \SystemRoot\System32\DRIVERS\w29n51.sys
F6CCF000 - \SystemRoot\system32\drivers\STAC97.sys
F6CAB000 - \SystemRoot\system32\drivers\portcls.sys
F771B000 - \SystemRoot\system32\drivers\drmk.sys
F6C88000 - \SystemRoot\system32\drivers\ks.sys
F6C55000 - \SystemRoot\system32\DRIVERS\HSFHWICH.sys
F6B58000 - \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
F6AAB000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
F785B000 - \SystemRoot\System32\Drivers\Modem.SYS
F772B000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7863000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F786B000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F773B000 - \SystemRoot\system32\DRIVERS\imapi.sys
F774B000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F775B000 - \SystemRoot\System32\DRIVERS\redbook.sys
F79F3000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F776B000 - \SystemRoot\System32\Drivers\tosrfcom.sys
F6A8D000 - \SystemRoot\system32\DRIVERS\dne2000.sys
F6A50000 - \SystemRoot\System32\DRIVERS\iwca.sys
F7B28000 - \SystemRoot\System32\DRIVERS\audstub.sys
F777B000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F79FB000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F6A39000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F778B000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F759B000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F7873000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F6A28000 - \SystemRoot\System32\DRIVERS\psched.sys
F75AB000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F787B000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F7883000 - \SystemRoot\System32\DRIVERS\raspti.sys
F62B0000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F75FB000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7A43000 - \SystemRoot\System32\DRIVERS\swenum.sys
F6252000 - \SystemRoot\System32\DRIVERS\update.sys
F71FD000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
F765B000 - \SystemRoot\System32\DRIVERS\tosporte.sys
F766B000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F769B000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7A8F000 - \SystemRoot\System32\DRIVERS\USBD.SYS
EE1B5000 - \??\C:\Program Files\Symantec AntiVirus\savrt.sys
EE198000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS
EE184000 - \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
F7A9B000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7B2B000 - \SystemRoot\System32\Drivers\Null.SYS
F7A9D000 - \SystemRoot\System32\Drivers\Beep.SYS
F7903000 - \SystemRoot\System32\drivers\vga.sys
F7A9F000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7AA1000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F790B000 - \SystemRoot\System32\Drivers\Msfs.SYS
F791B000 - \SystemRoot\System32\Drivers\Npfs.SYS
F79D3000 - \SystemRoot\System32\DRIVERS\rasacd.sys
EE040000 - \SystemRoot\System32\DRIVERS\ipsec.sys
EDFE7000 - \SystemRoot\System32\DRIVERS\tcpip.sys
EDFBF000 - \SystemRoot\System32\DRIVERS\netbt.sys
EDF7F000 - \SystemRoot\System32\Drivers\SYMTDI.SYS
EDF5D000 - \SystemRoot\System32\drivers\afd.sys
F76BB000 - \SystemRoot\System32\DRIVERS\netbios.sys
EDF37000 - \SystemRoot\System32\DRIVERS\ipnat.sys
EDF0C000 - \SystemRoot\System32\DRIVERS\rdbss.sys
EDE9C000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F76DB000 - \SystemRoot\System32\Drivers\Fips.SYS
EDE3E000 - \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
F6A08000 - \SystemRoot\System32\Drivers\tosrfusb.sys
F696C000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F69F8000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F77BB000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
EDD5B000 - \SystemRoot\System32\Drivers\tosrfbd.sys
F6968000 - \SystemRoot\System32\DRIVERS\mouhid.sys
F69E8000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F69D8000 - \SystemRoot\System32\DRIVERS\arp1394.sys
F69C8000 - \SystemRoot\System32\DRIVERS\Tosrfhid.sys
F69B8000 - \SystemRoot\System32\Drivers\tosrfbnp.sys
F77C3000 - \SystemRoot\System32\DRIVERS\tosrfnds.sys
F69A8000 - \SystemRoot\System32\Drivers\Cdfs.SYS
EDCCB000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7AC1000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
EDE22000 - \SystemRoot\System32\drivers\Dxapi.sys
F77DB000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7BF0000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA0C000 - \SystemRoot\System32\ati2cqag.dll
BFA40000 - \SystemRoot\System32\atikvmag.dll
BFA75000 - \SystemRoot\System32\ati3duag.dll
BFCB7000 - \SystemRoot\System32\ativvaxx.dll
EBBD3000 - \SystemRoot\System32\DRIVERS\AegisP.sys
EBBCB000 - \SystemRoot\System32\DRIVERS\s24trans.sys
EBAE7000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
EB6AE000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
EB7D7000 - \SystemRoot\System32\Drivers\Aspi32.SYS
EB556000 - \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
EB703000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
EB4DC000 - \SystemRoot\System32\DRIVERS\srv.sys
EB3D7000 - \SystemRoot\system32\drivers\wdmaud.sys
EB81B000 - \SystemRoot\system32\drivers\sysaudio.sys
F677B000 - \SystemRoot\System32\Drivers\HTTP.sys
F6687000 - \SystemRoot\System32\Drivers\SYMREDRV.SYS
F7803000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS
BAFB1000 - \SystemRoot\System32\Drivers\Fastfat.SYS
BAEF5000 - \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10822.sys
BAE21000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080907.003\navex15.sys
BAE0C000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080907.003\naveng.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F7B02000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 145

Liste des programmes installes

Adobe Acrobat 7.0 Professional - English, Français, Deutsch
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Analyseur et SDK XML Microsoft
Apple Mobile Device Support
Apple Software Update
Archiveur WinRAR
ATI - Utilitaire de désinstallation du logiciel
ATI Display Driver
Babylon
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs 2
Broadcom Management Programs 2
C-Major Audio
Cisco Systems VPN Client 5.0.02.0090
Compatibility Pack for the 2007 Office system
Compel Adaptec WinASPI
Conexant D110 MDC V.92 Modem
Correctif pour Windows XP (KB952287)
ffdshow [rev 2060] [2008-08-01]
Intel(R) PROSet/Wireless Software
IrfanView (remove only)
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923789)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951376)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
mIWA
mIWCA
mLogView
mMHouse
Morgan Stream Switcher
Mozilla Firefox (3.0.1)
Mozilla Thunderbird (2.0.0.16)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB936181)
mToolkit
mWlsSafe
mXML
mZConfig
NeoDivx 2008
Nero Suite
Panneau de contrôle ATI
PowerDVD
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
Skype™ 3.6
SSH Secure Shell
Suite Specific
Symantec AntiVirus
V10CC
V10CNT
V10COM
V10DT
V10NQ
V10PFAM
Vector NTI 10
VideoLAN VLC media player 0.8.6b
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
x264 Revision 305 x264.nl (remove only)
Xvid 1.1.3 final uninstall



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CC6D-B4C7

Répertoire de C:\Program Files

07/09/2008 13:17 <REP> .
07/09/2008 13:17 <REP> ..
05/05/2008 12:20 <REP> Adobe
17/08/2008 16:17 <REP> Apple Software Update
28/12/2007 23:44 <REP> ATI Technologies
28/12/2007 23:59 <REP> BlueTooth
12/07/2008 08:12 <REP> Bonjour
28/12/2007 23:41 <REP> Broadcom
14/01/2008 22:56 <REP> Common Files
28/12/2007 23:05 <REP> ComPlus Applications
14/08/2008 12:57 <REP> CONEXANT
09/05/2008 12:37 <REP> Fichiers communs
09/05/2008 12:41 <REP> Informax Installations
28/12/2007 23:49 <REP> Intel
14/08/2008 11:25 <REP> Internet Explorer
09/05/2008 12:43 <REP> Invitrogen
17/08/2008 14:50 <REP> iPod
25/07/2008 00:37 <REP> Java
07/09/2008 11:12 <REP> Malwarebytes' Anti-Malware
14/08/2008 11:11 <REP> Messenger
03/01/2008 01:13 <REP> Microsoft CAPICOM 2.1.0.2
28/12/2007 23:07 <REP> microsoft frontpage
24/07/2008 20:41 <REP> Microsoft LifeCam
10/07/2008 18:14 <REP> Microsoft Office
05/01/2008 12:24 <REP> Microsoft Works
25/07/2008 11:49 <REP> Movie Maker
07/09/2008 13:17 <REP> MSA
10/07/2008 18:14 <REP> MSECache
25/07/2008 11:49 <REP> msn
28/12/2007 23:04 <REP> MSN Gaming Zone
29/12/2007 00:52 <REP> MSXML 4.0
25/07/2008 11:45 <REP> NetMeeting
25/07/2008 11:45 <REP> Outlook Express
12/07/2008 08:12 <REP> QuickTime
28/12/2007 23:20 <REP> Services en ligne
28/12/2007 23:42 <REP> SigmaTel
26/02/2008 18:44 <REP> Skype
29/12/2007 03:25 <REP> Symantec
08/09/2008 09:07 <REP> Symantec AntiVirus
29/12/2007 02:37 <REP> Système
28/12/2007 23:58 <REP> Toshiba
27/03/2008 15:57 <REP> Utilitaire
30/12/2007 11:56 <REP> utilitairel
04/01/2008 21:12 <REP> Windows Live
25/07/2008 11:50 <REP> Windows Media Player
25/07/2008 11:45 <REP> Windows NT
03/09/2008 07:54 <REP> WinRAR
28/12/2007 23:07 <REP> xerox
0 fichier(s) 0 octets
48 Rép(s) 8 471 384 064 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CC6D-B4C7

Répertoire de C:\Program Files\fichiers communs

09/05/2008 12:37 <REP> .
09/05/2008 12:37 <REP> ..
13/05/2008 13:19 <REP> Adobe
05/05/2008 12:21 <REP> Adobe Systems Shared
29/12/2007 03:39 <REP> Ahead
29/12/2007 18:56 <REP> Apple
29/12/2007 02:37 <REP> DESIGNER
05/02/2008 23:08 <REP> Deterministic Networks
09/05/2008 12:37 <REP> Informax
28/12/2007 23:43 <REP> InstallShield
02/01/2008 19:10 <REP> Java
10/07/2008 18:14 <REP> Microsoft Shared
14/01/2008 22:56 <REP> Motive
28/12/2007 23:05 <REP> MSSoap
28/12/2007 22:55 <REP> ODBC
30/12/2007 11:57 <REP> Real
28/12/2007 23:05 <REP> Services
26/02/2008 18:44 <REP> Skype
28/12/2007 22:55 <REP> SpeechEngines
10/03/2008 09:04 <REP> Symantec Shared
25/07/2008 11:45 <REP> System
30/12/2007 11:57 <REP> xing shared
0 fichier(s) 0 octets
22 Rép(s) 8 471 379 968 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CC6D-B4C7

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

05/01/2008 12:25 <REP> .
05/01/2008 12:25 <REP> ..
29/12/2007 02:37 <REP> 1033
05/01/2008 12:25 <REP> 1036
20/09/2005 13:33 1 293 008 MSONSEXT.DLL
22/03/2007 20:29 39 256 MSOSV.DLL
03/06/1999 15:09 122 937 MSOWS409.DLL
07/03/2001 10:00 127 033 MSOWS40c.DLL
11/07/2003 03:25 80 448 PKMWS.DLL
5 fichier(s) 1 662 682 octets
4 Rép(s) 8 471 375 872 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CC6D-B4C7

Répertoire de C:\Program Files\common files

14/01/2008 22:56 <REP> .
14/01/2008 22:56 <REP> ..
14/01/2008 22:59 <REP> Motive
0 fichier(s) 0 octets
3 Rép(s) 8 471 375 872 octets libres




c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.7.1.11\SetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\ALUNotify.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\AUpdate.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\Lsetup.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LuAll.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LuComServer_2_6.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUInit.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\NDetect.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\SHFOLDER.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\SymantecRootInstaller.exe
c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bio Soft\BioEdit.exe
c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bio Soft\clustalx.exe
c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bio Soft\treev32.exe
c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bio Soft\Zoe-v3d.exe
c:\Documents and Settings\jojo\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe
c:\Documents and Settings\jojo\Application Data\NeoDivX2008\Settings\DVDFabHDDecrypter4\DVDFabHDDecrypter.exe
c:\Documents and Settings\jojo\Application Data\NeoDivX2008\Settings\DVDFabHDDecrypter4\unins000.exe
c:\Documents and Settings\jojo\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\jojo\Application Data\U3\temp\Launchpad Removal.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\jojo\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\jojo\Local Settings\Temp\Setup+Patch.exe
c:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\5HJYQAE2\WebSoftCodecDrivern[2].exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\capicom.dll
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LuComServerPS_2_6.DLL
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUinsDll.dll
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUPreCon.dll
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUSESAIntegration.dll
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\NetDetectController_2_6.DLL
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\pegclient.dll
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\pegcommon.dll
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\ProductRegCom_2_6.DLL
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\ProductRegComPS_2_6.DLL
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\Psapi.Dll
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\S32Live1.dll
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\S32Luis1.dll
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\S32LUWI1.dll
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\unrar.dll
c:\Documents and Settings\jojo\Application Data\NeoDivX2008\Settings\DVDFabHDDecrypter4\CrashRpt.dll
c:\Documents and Settings\jojo\Application Data\NeoDivX2008\Settings\DVDFabHDDecrypter4\dbghelp.dll
c:\Documents and Settings\jojo\Application Data\NeoDivX2008\Settings\DVDFabHDDecrypter4\zlib.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_JOGAU.tar.gz a l'adresse http://upload.malekal.com
0
Réponse 11 / 19
jojo
8 sept. 2008 à 20:25
voici me rapport OTmoveit:

C:\WINDOWS\System32\c74e7016-.txt moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\dkkgpacy.dll
C:\WINDOWS\System32\dkkgpacy.dll NOT unregistered.
C:\WINDOWS\System32\dkkgpacy.dll moved successfully.
C:\WINDOWS\System32\wykpnwxm.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fxsqusna.dll
C:\WINDOWS\System32\fxsqusna.dll NOT unregistered.
C:\WINDOWS\System32\fxsqusna.dll moved successfully.
C:\WINDOWS\System32\exylrwtf.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\xqjjffhc.dll
C:\WINDOWS\System32\xqjjffhc.dll NOT unregistered.
C:\WINDOWS\System32\xqjjffhc.dll moved successfully.
C:\WINDOWS\System32\awtutqNh.dll.vir moved successfully.
C:\WINDOWS\System32\ragqxvxj.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\flrqexwq.dll
C:\WINDOWS\System32\flrqexwq.dll NOT unregistered.
C:\WINDOWS\System32\flrqexwq.dll moved successfully.
C:\WINDOWS\System32\grukpfmn.ini moved successfully.
C:\WINDOWS\System32\tmp.txt moved successfully.
C:\WINDOWS\System32\tmp.reg moved successfully.
C:\WINDOWS\System32\bsnuhhsm.ini moved successfully.
C:\WINDOWS\System32\adtjnnwv.ini moved successfully.
C:\WINDOWS\System32\qlrjvlpd.ini moved successfully.
C:\WINDOWS\System32\xygmubpe.ini moved successfully.
C:\WINDOWS\System32\pclhqjej.ini moved successfully.
C:\WINDOWS\System32\oykjgbsl.ini moved successfully.
C:\WINDOWS\System32\hcppduti.ini moved successfully.
C:\WINDOWS\System32\csnjxmus.ini moved successfully.
C:\WINDOWS\System32\daflfecb.ini moved successfully.
C:\WINDOWS\System32\hqhvouuq.ini moved successfully.
c:\Documents and Settings\jojo\Bureau\DiagHelp moved successfully.
c:\Documents and Settings\jojo\Local Settings\Temp\Setup+Patch.exe moved successfully.
< c:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\5HJYQAE2\WebSoftCodecDrivern[2].exe >
c:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\5HJYQAE2\WebSoftCodecDrivern[2].exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09082008_202042
0
Réponse 12 / 19
jojo
8 sept. 2008 à 21:04
et voici le rapport de virus total:

Fichier Monitored3.dat reçu le 2008.09.08 20:25:10 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/36 (0%)

Fichier Monitored3.dat reçu le 2008.09.08 20:25:10 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.6.0 2008.09.08 -
AntiVir 7.8.1.28 2008.09.08 -
Authentium 5.1.0.4 2008.09.08 -
Avast 4.8.1195.0 2008.09.08 -
AVG 8.0.0.161 2008.09.08 -
BitDefender 7.2 2008.09.08 -
CAT-QuickHeal 9.50 2008.09.06 -
ClamAV 0.93.1 2008.09.08 -
DrWeb 4.44.0.09170 2008.09.08 -
eSafe 7.0.17.0 2008.09.07 -
eTrust-Vet 31.6.6077 2008.09.08 -
Ewido 4.0 2008.09.08 -
F-Prot 4.4.4.56 2008.09.08 -
F-Secure 8.0.14332.0 2008.09.08 -
Fortinet 3.112.0.0 2008.09.08 -
GData 19 2008.09.08 -
Ikarus T3.1.1.34.0 2008.09.08 -
K7AntiVirus 7.10.446 2008.09.08 -
Kaspersky 7.0.0.125 2008.09.08 -
McAfee 5379 2008.09.08 -
Microsoft 1.3903 2008.09.08 -
NOD32v2 3426 2008.09.08 -
Norman 5.80.02 2008.09.08 -
Panda 9.0.0.4 2008.09.08 -
PCTools 4.4.2.0 2008.09.08 -
Prevx1 V2 2008.09.08 -
Rising 20.61.02.00 2008.09.08 -
Sophos 4.33.0 2008.09.08 -
Sunbelt 3.1.1616.1 2008.09.07 -
Symantec 10 2008.09.08 -
TheHacker 6.3.0.8.075 2008.09.06 -
TrendMicro 8.700.0.1004 2008.09.08 -
VBA32 3.12.8.5 2008.09.08 -
ViRobot 2008.9.8.1367 2008.09.08 -
VirusBuster 4.5.11.0 2008.09.08 -
Webwasher-Gateway 6.6.2 2008.09.08 -
Information additionnelle
File size: 97 bytes
MD5...: f6133dba2d04ad10618fbc833a5496bb
SHA1..: 15d6d7f834e7cfb98688d12fe426f43108b62554
SHA256: 86348d0bfa500e10bfe695363d147a9e42febc2da60eec6105134b479d6bb03d
SHA512: 9dd11224a0dd27fc4ce584823da5fe1c8c779d4839ac4173df1594b982cd8ddc<br>f3f68147d92973afaca9c2122ad0befdc4a339357fe072ec0f5644f342030821
PEiD..: -
TrID..: File type identification<br>Generic INI configuration (100.0%)
PEInfo: -
0
Réponse 13 / 19
jojo
9 sept. 2008 à 07:37
merci boulepate62
et tu serais pourquoi symantec n'avais pas détecté tous ces petits virus?


bon sur à toi aussi
0
Réponse 14 / 19
DJB5 Messages postés 589 Date d'inscription vendredi 2 mai 2008 Statut Membre Dernière intervention 27 février 2011 87
7 sept. 2008 à 01:16
Up pour toi
-1
Réponse 15 / 19
Utilisateur anonyme
7 sept. 2008 à 02:01
Bonjour

Exécute l'option 2 de Smitfraudfix ça sera déjà ça de fait.
Ensuite, passe à la suite, car ton PC sera encore infecté.
-1
Réponse 16 / 19
Utilisateur anonyme
7 sept. 2008 à 17:01
* Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"
- Ferme Internet Explorer avant de cliquer sur Fix checked
- S'il manque des lignes ce n'est pas grave

O2 - BHO: {910f579f-9fcb-9588-33c4-01e7142bb382} - {283bb241-7e10-4c33-8859-bcf9f975f019} - C:\WINDOWS\system32\fnhjeq.dll (file missing)
O2 - BHO: QXK Olive - {9EED0EF0-103A-4C1B-A115-F39879368545} - C:\WINDOWS\vanwxemgdfk.dll (file missing)
O2 - BHO: QXK Olive - {AF57398C-E09D-4229-B2D5-12E909DCC730} - C:\WINDOWS\vanwxemggfb.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Utilitaire\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?



* Télécharge VundoFix
---> http://ohfr-redir.com/1463

Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..

double clic dessus choisis "start for vundo"
attends quelques minutes, quand le scan est terminé clic sur "remove vundo"
un message te demandera si tu veux supprimes les fichiers sur "yes"
Quand il a terminé, clic sur "yes" ton ordinateur devrait redemarrer sinon, fais le par toit même
Une fois qu'il a redemarré colle le rapport C:\vundofix.txt et un nouveau rapport hijackthis stp


ET


Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/~secured2k/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
-1
jojo
7 sept. 2008 à 21:38
voici le rapport vundi fix:


VundoFix V7.0.6

Scan started at 20:28:43 07/09/2008

Listing files found while scanning....

C:\Windows\system32\ayuhgu.dll
C:\Windows\system32\bxkxncqo.dll
C:\Windows\system32\drjdjayc.dll
C:\Windows\system32\dwtempwm.dll
C:\Windows\system32\ecpyrbks.dll
C:\Windows\system32\enkwkp.dll
C:\Windows\system32\fxcxasng.dll
C:\Windows\system32\hjlxtj.dll
C:\Windows\system32\kgvaumoh.dll
C:\Windows\system32\lbvktwyn.dll
C:\Windows\system32\owvqaobj.dll
C:\Windows\system32\pfnvglnv.dll
C:\Windows\system32\utigruek.dll
C:\Windows\system32\vhwyrf.dll
C:\Windows\system32\xnjuciiv.dll

Beginning removal...

Attempting to delete C:\Windows\system32\ayuhgu.dll
C:\Windows\system32\ayuhgu.dll Has been deleted!

Attempting to delete C:\Windows\system32\bxkxncqo.dll
C:\Windows\system32\bxkxncqo.dll Has been deleted!

Attempting to delete C:\Windows\system32\drjdjayc.dll
C:\Windows\system32\drjdjayc.dll Has been deleted!

Attempting to delete C:\Windows\system32\dwtempwm.dll
C:\Windows\system32\dwtempwm.dll Has been deleted!

Attempting to delete C:\Windows\system32\ecpyrbks.dll
C:\Windows\system32\ecpyrbks.dll Has been deleted!

Attempting to delete C:\Windows\system32\enkwkp.dll
C:\Windows\system32\enkwkp.dll Has been deleted!

Attempting to delete C:\Windows\system32\fxcxasng.dll
C:\Windows\system32\fxcxasng.dll Has been deleted!

Attempting to delete C:\Windows\system32\hjlxtj.dll
C:\Windows\system32\hjlxtj.dll Has been deleted!

Attempting to delete C:\Windows\system32\kgvaumoh.dll
C:\Windows\system32\kgvaumoh.dll Has been deleted!

Attempting to delete C:\Windows\system32\lbvktwyn.dll
C:\Windows\system32\lbvktwyn.dll Has been deleted!

Attempting to delete C:\Windows\system32\owvqaobj.dll
C:\Windows\system32\owvqaobj.dll Has been deleted!

Attempting to delete C:\Windows\system32\pfnvglnv.dll
C:\Windows\system32\pfnvglnv.dll Has been deleted!

Attempting to delete C:\Windows\system32\utigruek.dll
C:\Windows\system32\utigruek.dll Has been deleted!

Attempting to delete C:\Windows\system32\vhwyrf.dll
C:\Windows\system32\vhwyrf.dll Has been deleted!

Attempting to delete C:\Windows\system32\xnjuciiv.dll
C:\Windows\system32\xnjuciiv.dll Has been deleted!

Performing Repairs to the registry.
Done!
0
Réponse 17 / 19
Utilisateur anonyme
8 sept. 2008 à 17:26
Tu es encore infecté malgré tout, peut-être plus de signes d'infections, mais ce n'est pas propre.
Tu peux jeter Vundofix et VirtumundoBeGone .


Télécharge DiagHelp.zip sur ton bureau
http://www.malekal.com/download/DiagHelp.zip

- Fais un clic droit sur le dossier -> Ouvrir avec -> Dossiers compréssés -> Suivant -> Suivant
- Un nouveau dossier va être créé DiagHelp
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
- Une fenêtre va s'ouvrir, choisis l'option 1
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
- Dès l'analyse terminée ,copie et colle ici le contenu du bloc-notes.

-1
Réponse 18 / 19
Utilisateur anonyme
8 sept. 2008 à 19:39
Télécharge OTMoveIt sur ton bureau
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Double clic sur OTMoveIt.exe
Sélectionne et copie les lignes ci-dessous

C:\WINDOWS\System32\c74e7016-.txt
C:\WINDOWS\System32\dkkgpacy.dll
C:\WINDOWS\System32\wykpnwxm.ini
C:\WINDOWS\System32\fxsqusna.dll
C:\WINDOWS\System32\exylrwtf.ini
C:\WINDOWS\System32\xqjjffhc.dll
C:\WINDOWS\System32\awtutqNh.dll.vir
C:\WINDOWS\System32\ragqxvxj.ini
C:\WINDOWS\System32\flrqexwq.dll
C:\WINDOWS\System32\grukpfmn.ini
C:\WINDOWS\System32\tmp.txt
C:\WINDOWS\System32\tmp.reg
C:\WINDOWS\System32\bsnuhhsm.ini
C:\WINDOWS\System32\adtjnnwv.ini
C:\WINDOWS\System32\qlrjvlpd.ini
C:\WINDOWS\System32\xygmubpe.ini
C:\WINDOWS\System32\pclhqjej.ini
C:\WINDOWS\System32\oykjgbsl.ini
C:\WINDOWS\System32\hcppduti.ini
C:\WINDOWS\System32\csnjxmus.ini
C:\WINDOWS\System32\daflfecb.ini
C:\WINDOWS\System32\hqhvouuq.ini
c:\Documents and Settings\jojo\Bureau\DiagHelp\
c:\Documents and Settings\jojo\Local Settings\Temp\Setup+Patch.exe
c:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\5HJYQAE2\WebSoftCodecDrivern[2].exe

Retourne dans OTMoveit, fais un clic droit dans la fenêtre "Paste Standard List of Files/Folders to move" et choisis "coller".
Clic sur le boutton rouge Moveit et clic sur Exit
Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir l'exécution, si c'est le cas, clic sur "Yes"
Copie et colle le rapport qu'il va te générer ici stp. Le rapport d'OTMoveit se trouve dans ce dossier : C:\_OTMoveIt\MovedFiles



Vas dans ajouter/supprimer des programmes et désinstalle :

- Java(TM) 6 Update 3 (obsolète)
- Java(TM) 6 Update 5 (obsolète)


Rends toi ici https://www.virustotal.com/gui/
Dans l'espace vide à côté du bouton choisir copie et colle la ligne ci-dessous
C:\WINDOWS\System32\Monitored3.dat
Clic sur Envoyer et patiente pendant l'analyse
Dès qu'il a terminé colle le rapport ici (probable bestiole)
-1
Réponse 19 / 19
Utilisateur anonyme
8 sept. 2008 à 21:35
C'est Ok. Tu epux tout jeter ce que j'ai tait fait installé, hormis Malwarebytes anti-malware, garde-le ça mange pas d'pain.

Clic sur démarrer, poste de travail, Disque local C:, cherche et supprime ce dossier : OTMoveIt
S'il résiste supprime-le en mode sans échec.

Pense à mettre à jour Windows et de temps en temps faire un scan antivirus

Bon surf ! A++
-1

Discussions similaires

enceinte MI Smart Speaker impossible a connecter
bobos -
Panth33ra -

9 réponses
notice utilisation en francais pour wifi smart camera merci
kinos -
Stef -

4 réponses
Télécharger le logiciel Encarta gratuit 2015 version française.
Rémy M. SAKI -
medab -

13 réponses
Télé smart tech
Lebocoeur -
Andy31200 -

3 réponses
échec de l'analyse antivirus
StalkerShadows -
ness -

19 réponses