The bar came back, but there was no fatal error after running VirtumundoBeGone.
Here are the reports:
[11/15/2007, 16:55:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julie\Bureau\VirtumundoBeGone.exe" )
[11/15/2007, 16:55:59] - Detected System Information:
[11/15/2007, 16:55:59] - Windows Version: 5.1.2600, Service Pack 1
[11/15/2007, 16:55:59] - Current Username: Julie (Admin)
[11/15/2007, 16:55:59] - Windows is in NORMAL mode.
[11/15/2007, 16:56:00] - Searching for Browser Helper Objects:
[11/15/2007, 16:56:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/15/2007, 16:56:00] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[11/15/2007, 16:56:00] - BHO 3: {4388D3AF-40EF-4B1B-873F-32D4CF14323F} ()
[11/15/2007, 16:56:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/15/2007, 16:56:00] - Checking for HKLM\...\Winlogon\Notify\iiihg
[11/15/2007, 16:56:00] - Key not found: HKLM\...\Winlogon\Notify\iiihg, continuing.
[11/15/2007, 16:56:00] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/15/2007, 16:56:00] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/15/2007, 16:56:00] - BHO 6: {f7ee146d-7dda-4d57-9461-a285aac8f93a} ()
[11/15/2007, 16:56:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/15/2007, 16:56:00] - Checking for HKLM\...\Winlogon\Notify\erytrjwy
[11/15/2007, 16:56:00] - Key not found: HKLM\...\Winlogon\Notify\erytrjwy, continuing.
[11/15/2007, 16:56:00] - Finished Searching Browser Helper Objects
[11/15/2007, 16:56:00] - Finishing up...
[11/15/2007, 16:56:00] - Nothing found! Exiting...
Then the ComboFix one:
ComboFix 07-11-08.1 - Julie 2007-11-15 17:00:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.50 [GMT 1:00]
Running from: C:\Documents and Settings\Julie\Bureau\ComboFix.exe
* Created a new restore point
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Julie\Bureau\internet.lnk
C:\Documents and Settings\Julie\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Julie\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Julie\Favoris\Online Security Guide.lnk
C:\Program Files\BestsellerAntivirus
C:\Program Files\Fichiers communs\Yazzle1549OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Temporary
C:\WINDOWS\~tmp1117.exe
C:\WINDOWS\~tmp4561.exe
C:\WINDOWS\~tmp9838.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ghiii.bak1
C:\WINDOWS\system32\ghiii.bak2
C:\WINDOWS\system32\ghiii.ini
C:\WINDOWS\System32\iiihg.dll
C:\WINDOWS\system32\jkklmnn.dll
C:\WINDOWS\system32\kaywndmy.dllbox
C:\WINDOWS\system32\kkdsrngk.exe
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\zxdnt3d.cfg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))))))))
.
2007-11-15 17:00 145,984 --a------ C:\WINDOWS\system32\feobxpqc.dll
2007-11-15 17:00 145,984 --a------ C:\WINDOWS\system32\csyvoumr.dll
2007-11-15 16:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 16:34 81,984 --a------ C:\WINDOWS\system32\erytrjwy.dll
2007-11-15 16:31 85,056 --a------ C:\WINDOWS\system32\snfloxuc.dll
2007-11-15 16:18 71,232 --a------ C:\WINDOWS\system32\rqdgwltx.exe
2007-11-14 17:11 <REP> d-------- C:\VundoFix Backups
2007-11-14 15:01 79,936 --a------ C:\WINDOWS\system32\phskqgjd.dll
2007-11-14 14:53 71,232 --a------ C:\WINDOWS\system32\qewngipd.exe
2007-11-10 17:49 79,936 --a------ C:\WINDOWS\system32\pyhnurow.dll
2007-11-10 17:46 71,232 --a------ C:\WINDOWS\system32\pbktwbwj.exe
2007-11-09 17:49 81,472 --a------ C:\WINDOWS\system32\fbhwftvp.dll
2007-11-09 17:44 71,232 --a------ C:\WINDOWS\system32\tnobecpd.exe
2007-11-08 13:44 <REP> d-------- C:\Documents and Settings\Julie\logs
2007-11-08 02:29 <REP> d-------- C:\Program Files\Symantec
2007-11-08 02:29 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-11-08 02:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-08 02:29 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2007-11-08 02:29 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2007-11-08 02:29 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2007-11-07 14:27 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
2007-11-07 14:27 <REP> d--h----- C:\WINDOWS\PIF
2007-11-07 14:27 <REP> d-------- C:\Documents and Settings\Julie\Application Data\Grisoft
2007-11-07 14:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-07 14:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-07 05:34 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-07 05:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-07 05:34 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-07 05:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-07 05:34 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-07 05:34 3,468 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-07 05:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-07 04:54 <REP> d-------- C:\Program Files\Trend Micro
2007-11-07 02:12 79,936 --a------ C:\WINDOWS\system32\drnfvrvs.dll
2007-11-07 02:09 86,080 --a------ C:\WINDOWS\system32\kkjcclro.dll
2007-11-06 17:04 <REP> d-------- C:\WINDOWS\pss
2007-11-06 16:50 <REP> d-------- C:\Documents and Settings\Julie\Application Data\Leadertech
2007-11-06 14:03 196,682 --a------ C:\WINDOWS\system32\rwinlldq.exe
2007-11-06 14:02 <REP> d-------- C:\Program Files\SpyGuardPro
2007-11-06 14:02 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-06 14:02 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-21 00:43 <REP> d-------- C:\Documents and Settings\Julie\Application Data\Apple Computer
2007-10-21 00:42 <REP> d-------- C:\Program Files\iTunes
2007-10-21 00:42 <REP> d-------- C:\Program Files\iPod
2007-10-21 00:40 <REP> d-------- C:\Program Files\QuickTime
2007-10-21 00:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-21 00:39 <REP> d-------- C:\Program Files\Apple Software Update
2007-10-21 00:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-17 00:13 <REP> d-------- C:\Program Files\InstallShield Installation Information
2007-10-17 00:12 <REP> d-------- C:\Program Files\Veoh Networks
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 15:41 332 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-11-07 13:27 --------- d-----w C:\Program Files\eMule
2007-11-07 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2007-11-07 13:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-06 15:58 --------- d-----w C:\Program Files\Kodak
2007-11-06 15:09 --------- d-----w C:\Documents and Settings\Julie\Application Data\Skype
2007-11-01 18:07 --------- d-----w C:\Program Files\Picasa2
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-10-12 01:03 --------- d-----w C:\Documents and Settings\Julie\Application Data\Move Networks
2007-09-23 18:39 --------- d-----w C:\Documents and Settings\Julie\Application Data\VoipBuster
2007-09-23 18:33 --------- d-----w C:\Program Files\VoipBuster.com
2007-09-20 14:53 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-09-16 11:57 --------- d-----w C:\Program Files\Google
2007-05-28 09:00 19,016 ----a-w C:\Documents and Settings\Julie\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-15 17:00 145984 --a------ C:\WINDOWS\system32\csyvoumr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f7ee146d-7dda-4d57-9461-a285aac8f93a}]
2007-11-15 16:34 81984 --a------ C:\WINDOWS\System32\erytrjwy.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\csyvoumr.dll [2007-11-15 17:00 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\csyvoumr.dll [2007-11-15 17:00 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 18:14]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 07:53 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"doom 3d"="doom3d.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"b89925b5"="C:\WINDOWS\System32\snfloxuc.dll" [2007-11-15 16:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18]
"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2007-06-21 11:26]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 00:29]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"doom 3d"=doom3d.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\csyvoumr]
csyvoumr.dll 2007-11-15 17:00 145984 C:\WINDOWS\system32\csyvoumr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\iiihg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Julie^Menu Démarrer^Programmes^Démarrage^TA_Start.lnk]
path=C:\Documents and Settings\Julie\Menu Démarrer\Programmes\Démarrage\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Julie^Menu Démarrer^Programmes^Démarrage^Think-Adz.lnk]
path=C:\Documents and Settings\Julie\Menu Démarrer\Programmes\Démarrage\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b89925b5]
rundll32.exe "C:\WINDOWS\System32\kkjcclro.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\System32\rwinlldq.exe CHD001
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{92-25-51-1A-ZN}]
C:\windows\system32\kkdsrngk.exe CHD001
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\System32\DRIVERS\PCX504.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\PCASp50.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-03 15:45:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-15 17:10:53
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-15 17:18:45 - machine was rebooted
.
--- E O F ---
I have lots of bubbles popping up that ask me to download an anti-spyware program.
Thanks again