[Virus] Infected by Drive Cleaner, WinAnti.. [Solved/Closed]

Ludovic
Hello,

For a few weeks I've had a pop-up problem with Drive Cleaner, SpinDoctor, WinAntiVirus Pro, etc...

I've run a few programs such as Spybot but without success, so I'm asking for a bit of help by pasting the HijackThis log

Thanks in advance:

Logfile of HijackThis v1.99.1
Scan saved at 17:46:18, on 01/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
E:\Program Files\Microsoft LifeCam\MSCamS32.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
E:\Program Files\DynDNS Updater\DynDNS.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
E:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
E:\WINDOWS\Mixer.exe
E:\WINDOWS\vVX1000.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Program Files\Skype\Plugin Manager\SkypePM.exe
E:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
E:\Program Files\eMule\emule.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Winamp\winamp.exe
E:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.htplayer.com:81/firefox/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "E:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [OrderReminder] E:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [VX1000] E:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "E:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "E:\WINDOWS\system32\yarklyeu.dll",realset
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - E:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

9 replies

Hi

Did you do what you were asked to do here???

wilogon exe winantivirus2006#2007 04 25%2020%3A19%3A07
In fact I'm not the same user as in that post; I've just followed raleuboleu's advice in post 3, I hope it will bear fruit
^^Marie^^
Ok

Having the same pseudonyms is confusing;
add a number or something else to yours

sorry

See you

help infected by Drive Cleaner System Doctor

hello, follow the instructions in this post

papy
hi

tick this line in HijackThis then click Fix checked:
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/

tell me, do you have 2 antivirus programs: Avast and Norton?
and which firewall?

second, download Spybot here:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

and run a scan, then post another HijackThis log please

kisses
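The advice above singles out one O16 line and asks for a fresh log, which is the routine triage every HijackThis log in this thread goes through. As an added example (not code from the thread, from HijackThis or from any tool named here), the Python below parses the O4 autorun and O16 ActiveX lines of a v1.99 log into records and flags the patterns a reviewer checks first; the sample lines are constructed from entries in this thread's logs, and the heuristics are review hints, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99 format, modelled on the logs posted in this
# thread: a few legitimate entries mixed with the ones a reviewer would look at first.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InfoData] rundll32.exe "E:\WINDOWS\system32\yarklyeu.dll",realset
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
"""

# O4: autorun registry values; O16: ActiveX controls downloaded by Internet Explorer.
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$')
O16_RE = re.compile(r'^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)')
# Weak heuristic: lowercase-only, digit-free DLL names of 7-10 letters look machine-generated.
RANDOM_DLL = re.compile(r'^[a-z]{7,10}\.dll$')


@dataclass
class Entry:
    section: str   # "O4" or "O16"
    key: str       # "HKLM\Run", "HKLM\RunServices", ... or the O16 CLSID
    name: str      # value name (O4) or control description (O16)
    target: str    # command line (O4) or download URL (O16)
    raw: str       # the original log line


@dataclass
class Finding:
    line: str
    reason: str


def parse_log(text: str) -> List[Entry]:
    """Turn the O4 and O16 lines of a HijackThis log into Entry records; other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries.append(Entry("O4", f"{hive}\\{key}", name, cmd, line))
            continue
        m = O16_RE.match(line)
        if m:
            clsid, desc, url = m.groups()
            entries.append(Entry("O16", clsid, desc, url, line))
    return entries


def split_command(cmd: str) -> Tuple[str, str]:
    """Return (first token, rest) of a command line, honouring a quoted first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries worth a second look. These are review hints, not malware verdicts."""
    findings: List[Finding] = []
    for e in entries:
        if e.section == "O4":
            exe, args = split_command(e.target)
            if e.key.endswith("RunServices"):
                findings.append(Finding(e.raw, "RunServices is a Windows 9x-era key; "
                                        "software written for XP almost never uses it"))
            if basename(exe).lower() == "rundll32.exe":
                # The DLL may be quoted, and "path,EntryPoint" is rundll32's argument syntax.
                dll, _ = split_command(args)
                dll_name = basename(dll.split(",")[0])
                if RANDOM_DLL.match(dll_name):
                    findings.append(Finding(e.raw, f"rundll32 loads {dll_name}, "
                                            "a DLL with a random-looking lowercase name"))
            elif "\\" not in exe:
                findings.append(Finding(e.raw, f"{exe} is given without a path and is "
                                        "resolved through PATH; confirm which file actually runs"))
        else:
            host = urlparse(e.target).hostname or ""
            if host != "microsoft.com" and not host.endswith(".microsoft.com"):
                findings.append(Finding(e.raw, f"ActiveX control downloaded from {host}; "
                                        "remove it unless it was installed on purpose"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.reason}\n    {f.line}")
```

Run it against a full log pasted into SAMPLE_LOG; every flagged line still needs a human decision, as the thread's helpers make when they pick which line to fix.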
Whoa... Everyone at the same time

;-))

well yes Marie, I hadn't seen ^^

kisses
^^Marie^^
Get into the habit of always clicking on ""other messages from""
that will let you spot the duplicates.
But when they aren't registered, like this user, you have to take a look at the topic

And presto! That's all there is to it

;-))

See you
raleuboleu
ok thanks Marie, I'm always learning something here lol
Hi,
Thanks for the reply.

Previously I had Norton but only Avast is in use. (well, normally: I can't remove it via the Control Panel; when I try, Avast keeps raising alerts of type Win32:Adware-gen. [Adw])

Here is the HijackThis log after carrying out the operations requested by
raleuboleu (post 3)

Logfile of HijackThis v1.99.1
Scan saved at 09:55:20, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
E:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
E:\WINDOWS\Mixer.exe
E:\WINDOWS\vVX1000.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Program Files\Microsoft LifeCam\MSCamS32.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
E:\Program Files\DynDNS Updater\DynDNS.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Skype\Plugin Manager\SkypePM.exe
E:\WINDOWS\system32\wuauclt.exe
E:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
E:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.htplayer.com:81/firefox/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "E:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [OrderReminder] E:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [VX1000] E:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "E:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "E:\WINDOWS\system32\yarklyeu.dll",realset
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - E:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
Re,

To uninstall Norton properly

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

See you
Thanks a lot for the link
I'm reposting the HijackThis log after removing Norton. For now there are still Drive Cleaner-type pop-ups with IE7 (they appear immediately), and with Mozilla I'm still testing. Thanks for your help

Logfile of HijackThis v1.99.1
Scan saved at 15:20:20, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Microsoft LifeCam\MSCamS32.exe
E:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
E:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
E:\WINDOWS\Mixer.exe
E:\WINDOWS\vVX1000.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Program Files\DynDNS Updater\DynDNS.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Skype\Plugin Manager\SkypePM.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\taskmgr.exe
E:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
E:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
E:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
E:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.htplayer.com:81/firefox/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "E:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [OrderReminder] E:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [VX1000] E:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "E:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "E:\WINDOWS\system32\yarklyeu.dll",realset
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - E:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
OK

Do the following

Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis log.
Don't worry if you see a blue screen "Fatal error" message; that is normal and expected.

Reboot

Then

Read the contents of the following link:
http://www.f-secure.com/products/license-terms/eult_fra.pdf
You have thereby read and accepted the terms of use of the Blacklight program, which is included in the compressed folder navilog1.zip that you are going to download.
Now right-click this link:
http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip
Save target (of the link) as... and save it to your desktop.
Right-click navilog1.zip and choose "Extract all"
Then double-click navilog1.bat
Let it guide you. At the main menu, choose 1 and confirm.
(do not choose option 2 without our advice/agreement)
Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)

I'll come back as soon as I can

See you
Here are the 2 logs; meanwhile I'll carry on
1/VBG

[05/02/2007, 17:20:57] - VirtumundoBeGone v1.5 ( "E:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[05/02/2007, 17:21:11] - Detected System Information:
[05/02/2007, 17:21:11] - Windows Version: 5.1.2600, Service Pack 2
[05/02/2007, 17:21:11] - Current Username: Administrateur (Admin)
[05/02/2007, 17:21:11] - Windows is in NORMAL mode.
[05/02/2007, 17:21:12] - Searching for Browser Helper Objects:
[05/02/2007, 17:21:12] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/02/2007, 17:21:12] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/02/2007, 17:21:12] - BHO 3: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} ()
[05/02/2007, 17:21:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:12] - Checking for HKLM\...\Winlogon\Notify\xxyawxv
[05/02/2007, 17:21:12] - Found: HKLM\...\Winlogon\Notify\xxyawxv - This is probably Virtumundo.
[05/02/2007, 17:21:12] - Assigning {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} MSEvents Object
[05/02/2007, 17:21:12] - BHO list has been changed! Starting over...
[05/02/2007, 17:21:12] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/02/2007, 17:21:12] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/02/2007, 17:21:12] - BHO 3: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} (MSEvents Object)
[05/02/2007, 17:21:12] - ALERT: Found MSEvents Object!
[05/02/2007, 17:21:12] - BHO 4: {4A39755A-31FA-4A21-B613-C9D8AFDFAB88} ()
[05/02/2007, 17:21:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:12] - Checking for HKLM\...\Winlogon\Notify\pdpdfqwt
[05/02/2007, 17:21:12] - Key not found: HKLM\...\Winlogon\Notify\pdpdfqwt, continuing.
[05/02/2007, 17:21:12] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/02/2007, 17:21:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:13] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/02/2007, 17:21:13] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/02/2007, 17:21:13] - BHO 6: {87C1BA0A-4580-4B6F-BF3D-80AC62A4A14E} ()
[05/02/2007, 17:21:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:13] - Checking for HKLM\...\Winlogon\Notify\geede
[05/02/2007, 17:21:13] - Found: HKLM\...\Winlogon\Notify\geede - This is probably Virtumundo.
[05/02/2007, 17:21:13] - Assigning {87C1BA0A-4580-4B6F-BF3D-80AC62A4A14E} MSEvents Object
[05/02/2007, 17:21:13] - BHO list has been changed! Starting over...
[05/02/2007, 17:21:13] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/02/2007, 17:21:13] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/02/2007, 17:21:13] - BHO 3: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} (MSEvents Object)
[05/02/2007, 17:21:13] - ALERT: Found MSEvents Object!
[05/02/2007, 17:21:13] - BHO 4: {4A39755A-31FA-4A21-B613-C9D8AFDFAB88} ()
[05/02/2007, 17:21:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:14] - Checking for HKLM\...\Winlogon\Notify\pdpdfqwt
[05/02/2007, 17:21:14] - Key not found: HKLM\...\Winlogon\Notify\pdpdfqwt, continuing.
[05/02/2007, 17:21:14] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/02/2007, 17:21:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:14] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/02/2007, 17:21:14] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/02/2007, 17:21:14] - BHO 6: {87C1BA0A-4580-4B6F-BF3D-80AC62A4A14E} (MSEvents Object)
[05/02/2007, 17:21:14] - ALERT: Found MSEvents Object!
[05/02/2007, 17:21:15] - BHO 7: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[05/02/2007, 17:21:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:15] - Checking for HKLM\...\Winlogon\Notify\lhivmejr
[05/02/2007, 17:21:15] - Key not found: HKLM\...\Winlogon\Notify\lhivmejr, continuing.
[05/02/2007, 17:21:15] - BHO 8: {F873C67B-ACDF-44AC-B953-1432D055D9EF} ()
[05/02/2007, 17:21:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:15] - Checking for HKLM\...\Winlogon\Notify\pmnll
[05/02/2007, 17:21:15] - Found: HKLM\...\Winlogon\Notify\pmnll - This is probably Virtumundo.
[05/02/2007, 17:21:15] - Assigning {F873C67B-ACDF-44AC-B953-1432D055D9EF} MSEvents Object
[05/02/2007, 17:21:15] - BHO list has been changed! Starting over...
[05/02/2007, 17:21:15] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/02/2007, 17:21:15] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/02/2007, 17:21:15] - BHO 3: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} (MSEvents Object)
[05/02/2007, 17:21:15] - ALERT: Found MSEvents Object!
[05/02/2007, 17:21:15] - BHO 4: {4A39755A-31FA-4A21-B613-C9D8AFDFAB88} ()
[05/02/2007, 17:21:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:15] - Checking for HKLM\...\Winlogon\Notify\pdpdfqwt
[05/02/2007, 17:21:16] - Key not found: HKLM\...\Winlogon\Notify\pdpdfqwt, continuing.
[05/02/2007, 17:21:16] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/02/2007, 17:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:16] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/02/2007, 17:21:16] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/02/2007, 17:21:16] - BHO 6: {87C1BA0A-4580-4B6F-BF3D-80AC62A4A14E} (MSEvents Object)
[05/02/2007, 17:21:16] - ALERT: Found MSEvents Object!
[05/02/2007, 17:21:16] - BHO 7: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[05/02/2007, 17:21:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:16] - Checking for HKLM\...\Winlogon\Notify\lhivmejr
[05/02/2007, 17:21:16] - Key not found: HKLM\...\Winlogon\Notify\lhivmejr, continuing.
[05/02/2007, 17:21:16] - BHO 8: {F873C67B-ACDF-44AC-B953-1432D055D9EF} (MSEvents Object)
[05/02/2007, 17:21:16] - ALERT: Found MSEvents Object!
[05/02/2007, 17:21:16] - Finished Searching Browser Helper Objects
[05/02/2007, 17:21:16] - *** Detected MSEvents Object
[05/02/2007, 17:21:16] - Trying to remove MSEvents Object...
[05/02/2007, 17:21:17] - Terminating Process: IEXPLORE.EXE
[05/02/2007, 17:21:18] - Terminating Process: RUNDLL32.EXE
[05/02/2007, 17:21:18] - Disabling Automatic Shell Restart
[05/02/2007, 17:21:18] - Terminating Process: EXPLORER.EXE
[05/02/2007, 17:21:19] - Suspending the NT Session Manager System Service
[05/02/2007, 17:21:19] - Terminating Windows NT Logon/Logoff Manager
[05/02/2007, 17:21:20] - Re-enabling Automatic Shell Restart
[05/02/2007, 17:21:20] - File to disable: E:\WINDOWS\system32\xxyawxv.dll
[05/02/2007, 17:21:20] - Renaming E:\WINDOWS\system32\xxyawxv.dll -> E:\WINDOWS\system32\xxyawxv.dll.vir
[05/02/2007, 17:21:20] - File successfully renamed!
[05/02/2007, 17:21:20] - Removing HKLM\...\Browser Helper Objects\{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}
[05/02/2007, 17:21:20] - Removing HKCR\CLSID\{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}
[05/02/2007, 17:21:20] - Adding Kill Bit for ActiveX for GUID: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}
[05/02/2007, 17:21:20] - Deleting ATLEvents/MSEvents Registry entries
[05/02/2007, 17:21:20] - Removing HKLM\...\Winlogon\Notify\xxyawxv
[05/02/2007, 17:21:20] - Searching for Browser Helper Objects:
[05/02/2007, 17:21:20] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/02/2007, 17:21:20] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/02/2007, 17:21:20] - BHO 3: {4A39755A-31FA-4A21-B613-C9D8AFDFAB88} ()
[05/02/2007, 17:21:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:20] - Checking for HKLM\...\Winlogon\Notify\pdpdfqwt
[05/02/2007, 17:21:20] - Key not found: HKLM\...\Winlogon\Notify\pdpdfqwt, continuing.
[05/02/2007, 17:21:20] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/02/2007, 17:21:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:20] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/02/2007, 17:21:21] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/02/2007, 17:21:21] - BHO 5: {87C1BA0A-4580-4B6F-BF3D-80AC62A4A14E} (MSEvents Object)
[05/02/2007, 17:21:21] - ALERT: Found MSEvents Object!
[05/02/2007, 17:21:21] - BHO 6: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[05/02/2007, 17:21:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:21] - Checking for HKLM\...\Winlogon\Notify\lhivmejr
[05/02/2007, 17:21:21] - Key not found: HKLM\...\Winlogon\Notify\lhivmejr, continuing.
[05/02/2007, 17:21:21] - BHO 7: {F873C67B-ACDF-44AC-B953-1432D055D9EF} (MSEvents Object)
[05/02/2007, 17:21:21] - ALERT: Found MSEvents Object!
[05/02/2007, 17:21:21] - Finished Searching Browser Helper Objects
[05/02/2007, 17:21:21] - *** Detected MSEvents Object
[05/02/2007, 17:21:21] - Trying to remove MSEvents Object...
[05/02/2007, 17:21:22] - Terminating Process: IEXPLORE.EXE
[05/02/2007, 17:21:22] - Terminating Process: RUNDLL32.EXE
[05/02/2007, 17:21:22] - Disabling Automatic Shell Restart
[05/02/2007, 17:21:22] - Terminating Process: EXPLORER.EXE
[05/02/2007, 17:21:22] - Suspending the NT Session Manager System Service
[05/02/2007, 17:21:23] - Terminating Windows NT Logon/Logoff Manager
[05/02/2007, 17:21:23] - Re-enabling Automatic Shell Restart
[05/02/2007, 17:21:23] - File to disable: E:\WINDOWS\System32\geede.dll
[05/02/2007, 17:21:23] - Removing HKLM\...\Browser Helper Objects\{87C1BA0A-4580-4B6F-BF3D-80AC62A4A14E}
[05/02/2007, 17:21:23] - Removing HKCR\CLSID\{87C1BA0A-4580-4B6F-BF3D-80AC62A4A14E}
[05/02/2007, 17:21:23] - Adding Kill Bit for ActiveX for GUID: {87C1BA0A-4580-4B6F-BF3D-80AC62A4A14E}
[05/02/2007, 17:21:23] - Deleting ATLEvents/MSEvents Registry entries
[05/02/2007, 17:21:23] - Removing HKLM\...\Winlogon\Notify\geede
[05/02/2007, 17:21:23] - Searching for Browser Helper Objects:
[05/02/2007, 17:21:23] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/02/2007, 17:21:23] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/02/2007, 17:21:23] - BHO 3: {4A39755A-31FA-4A21-B613-C9D8AFDFAB88} ()
[05/02/2007, 17:21:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:23] - Checking for HKLM\...\Winlogon\Notify\pdpdfqwt
[05/02/2007, 17:21:23] - Key not found: HKLM\...\Winlogon\Notify\pdpdfqwt, continuing.
[05/02/2007, 17:21:23] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/02/2007, 17:21:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:23] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/02/2007, 17:21:23] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/02/2007, 17:21:23] - BHO 5: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[05/02/2007, 17:21:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:23] - Checking for HKLM\...\Winlogon\Notify\lhivmejr
[05/02/2007, 17:21:23] - Key not found: HKLM\...\Winlogon\Notify\lhivmejr, continuing.
[05/02/2007, 17:21:23] - BHO 6: {F873C67B-ACDF-44AC-B953-1432D055D9EF} (MSEvents Object)
[05/02/2007, 17:21:23] - ALERT: Found MSEvents Object!
[05/02/2007, 17:21:23] - Finished Searching Browser Helper Objects
[05/02/2007, 17:21:23] - *** Detected MSEvents Object
[05/02/2007, 17:21:23] - Trying to remove MSEvents Object...
[05/02/2007, 17:21:24] - Terminating Process: IEXPLORE.EXE
[05/02/2007, 17:21:24] - Terminating Process: RUNDLL32.EXE
[05/02/2007, 17:21:24] - Disabling Automatic Shell Restart
[05/02/2007, 17:21:24] - Terminating Process: EXPLORER.EXE
[05/02/2007, 17:21:24] - Suspending the NT Session Manager System Service
[05/02/2007, 17:21:25] - Terminating Windows NT Logon/Logoff Manager
[05/02/2007, 17:21:25] - Re-enabling Automatic Shell Restart
[05/02/2007, 17:21:25] - File to disable: E:\WINDOWS\system32\pmnll.dll
[05/02/2007, 17:21:25] - Renaming E:\WINDOWS\system32\pmnll.dll -> E:\WINDOWS\system32\pmnll.dll.vir
[05/02/2007, 17:21:25] - File successfully renamed!
[05/02/2007, 17:21:25] - Removing HKLM\...\Browser Helper Objects\{F873C67B-ACDF-44AC-B953-1432D055D9EF}
[05/02/2007, 17:21:25] - Removing HKCR\CLSID\{F873C67B-ACDF-44AC-B953-1432D055D9EF}
[05/02/2007, 17:21:25] - Adding Kill Bit for ActiveX for GUID: {F873C67B-ACDF-44AC-B953-1432D055D9EF}
[05/02/2007, 17:21:25] - Deleting ATLEvents/MSEvents Registry entries
[05/02/2007, 17:21:25] - Removing HKLM\...\Winlogon\Notify\pmnll
[05/02/2007, 17:21:25] - Searching for Browser Helper Objects:
[05/02/2007, 17:21:25] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/02/2007, 17:21:25] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/02/2007, 17:21:25] - BHO 3: {4A39755A-31FA-4A21-B613-C9D8AFDFAB88} ()
[05/02/2007, 17:21:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:25] - Checking for HKLM\...\Winlogon\Notify\pdpdfqwt
[05/02/2007, 17:21:25] - Key not found: HKLM\...\Winlogon\Notify\pdpdfqwt, continuing.
[05/02/2007, 17:21:25] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/02/2007, 17:21:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:25] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/02/2007, 17:21:25] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/02/2007, 17:21:25] - BHO 5: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[05/02/2007, 17:21:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/02/2007, 17:21:25] - Checking for HKLM\...\Winlogon\Notify\lhivmejr
[05/02/2007, 17:21:25] - Key not found: HKLM\...\Winlogon\Notify\lhivmejr, continuing.
[05/02/2007, 17:21:25] - Finished Searching Browser Helper Objects
[05/02/2007, 17:21:25] - Finishing up...
[05/02/2007, 17:21:25] - A restart is needed.
[05/02/2007, 17:21:36] - Attempting to Restart via STOP error (Blue Screen!)

2/ Logfile of HijackThis v1.99.1
Scan saved at 17:27:13, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Microsoft LifeCam\MSCamS32.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\DynDNS Updater\DynDNS.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
E:\WINDOWS\Mixer.exe
E:\WINDOWS\vVX1000.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
E:\Program Files\Skype\Plugin Manager\SkypePM.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.htplayer.com:81/firefox/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A39755A-31FA-4A21-B613-C9D8AFDFAB88} - E:\WINDOWS\system32\pdpdfqwt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - E:\WINDOWS\system32\lhivmejr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OrderReminder] E:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [VX1000] E:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "E:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "E:\WINDOWS\system32\yarklyeu.dll",realset
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\
O20 - Winlogon Notify: yaywurr - yaywurr.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - E:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
Here is the log after running navilog1.bat:

Search Navipromo version 1.1.6 commencé le 02/05/2007 à 17:33:17,31

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis E:\Documents and Settings\Administrateur\Bureau
Mise a jour le 02.05.2007 a 08h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans E:\WINDOWS ***




*** Recherche dossiers dans E:\Program Files ***




*** Recherche dossiers dans E:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans E:\Documents and Settings\Administrateur\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 05/02/07 at 17:33:19.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .............................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 05/02/07 at 17:44:39 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

E:\WINDOWS\system32\edeeg.ini2 trouvé ! infection Vundo possible non traité par cet outil !
E:\WINDOWS\system32\edeeg.bak1 trouvé ! infection Vundo possible non traité par cet outil !
E:\WINDOWS\system32\llnmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !
E:\WINDOWS\system32\edeeg.bak2 trouvé ! infection Vundo possible non traité par cet outil !
E:\WINDOWS\system32\llnmp.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********


*** Analyse Terminé le 02/05/2007 à 17:45:10,18 ***
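Added example (not part of this thread, nor of VundoFix, HijackThis or Navilog): a small Python script that applies to the O2/O4/O20 lines of a HijackThis log the same cross-check VundoFix performs in its log above (a nameless BHO whose DLL is also registered as a Winlogon Notify package is "probably Virtumundo"), plus three defensive triage rules for the other patterns visible in this log. The sample input is built from the log lines posted here, with one pmnll BHO/Notify pair rebuilt from the VundoFix log; the `looks_random` name heuristic is my own assumption, not a published rule.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O2/O4/O20 lines excerpted from the HijackThis log in this thread,
# plus one pmnll BHO / Winlogon Notify pair rebuilt from the VundoFix log (pre-removal).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4A39755A-31FA-4A21-B613-C9D8AFDFAB88} - E:\WINDOWS\system32\pdpdfqwt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - E:\WINDOWS\system32\lhivmejr.dll
O2 - BHO: (no name) - {F873C67B-ACDF-44AC-B953-1432D055D9EF} - E:\WINDOWS\system32\pmnll.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [InfoData] rundll32.exe "E:\WINDOWS\system32\yarklyeu.dll",realset
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\
O20 - Winlogon Notify: pmnll - E:\WINDOWS\system32\pmnll.dll
O20 - Winlogon Notify: yaywurr - yaywurr.dll (file missing)
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<rest>.+)$")
DLL_RE = re.compile(r'([^\s",]+\.dll)', re.IGNORECASE)


def stem(path):
    """Filename without extension, case preserved ('pdpdfqwt', 'NvCpl')."""
    return PureWindowsPath(path.strip()).stem


def looks_random(name):
    """Assumed heuristic: the Vundo DLLs in this thread are 5-8 lowercase letters with no
    digits or capitals (pdpdfqwt, lhivmejr, pmnll, geede, yaywurr). Only used with other checks."""
    return re.fullmatch(r"[a-z]{5,8}", name) is not None


def analyse(log_text):
    """Return (rule, identifier, detail) tuples for each suspicious entry."""
    bhos, runs, notify = [], [], []
    for line in log_text.splitlines():
        if m := BHO_RE.match(line):
            bhos.append(m.groupdict())
        elif m := RUN_RE.match(line):
            runs.append(m.groupdict())
        elif m := NOTIFY_RE.match(line):
            notify.append(m.groupdict())
    findings = []
    notify_names = {n["name"].lower() for n in notify}
    for b in bhos:
        s = stem(b["path"])
        # Rule 1: nameless BHO loaded from system32 under a random-looking name.
        if b["name"] == "(no name)" and "\\system32\\" in b["path"].lower() and looks_random(s):
            findings.append(("nameless-bho-system32", b["clsid"], s))
        # Rule 2: the cross-check VundoFix logs: the BHO's DLL name is also registered
        # as a Winlogon Notify package ("This is probably Virtumundo").
        if s.lower() in notify_names:
            findings.append(("bho-winlogon-notify-pair", b["clsid"], s))
    for r in runs:
        dll = DLL_RE.search(r["cmd"])
        # Rule 3: rundll32 autostart whose DLL has a random-looking name.
        if dll and "rundll32" in r["cmd"].lower() and looks_random(stem(dll.group(1))):
            findings.append(("rundll32-random-dll", r["label"], stem(dll.group(1))))
    for n in notify:
        # Rule 4: Winlogon Notify package whose DLL is gone (leftover registration).
        if "(file missing)" in n["rest"]:
            findings.append(("orphan-winlogon-notify", n["name"], n["rest"]))
    return findings


if __name__ == "__main__":
    for rule, ident, detail in analyse(SAMPLE_LOG):
        print(f"{rule:26} {ident:40} {detail}")
```

Legitimate entries in the sample (the Yahoo helper, Spybot's SDHelper, NvCpl, WgaLogon) produce no finding; the output is a triage list for a human to confirm, not a removal list.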
Hello Marie,

Did you find anything in the logs posted last night?

Thanks in advance for your help,

You need to use RogueRemover. Download the software from http://game1.clubic.com/bulk/Rogue-Remover.zip and save it to your desktop, for example.
Double-click on it, then on the RogueRemoverInstall.exe file it contains.
In the wizard, click Next, I agree, Install and finally Finish. RogueRemover launches automatically.
In the window, click SCAN. If RogueRemover detects an intruder such as Drive Cleaner, it informs you and removes it immediately.
Good luck.
After carrying out all the steps up to point 16, I then ran RogueRemover, which removed two items (as suggested by loops73).
And for now, no more pop-ups: so it seems all of that worked. On the other hand, I am quite unable to tell whether all these steps were the right ones and/or all necessary. (What exactly is HijackThis?)

In any case, a big thank you to everyone for your help,

See you soon