Infected by Virtumonde

Solved/Closed
Anonymous user - 19 May 2007 at 13:53
snapepe - 30 March 2009 at 15:51
Hello
Zone Alarm tells me I am infected with this virus: not-a-virus:AdWare.Win32.Virtumonde.fp

I keep getting attempts to open pages on "winantiviruspro.com", which I believe is a fake antivirus ad...

Is there an enthusiast out there who would be willing to help me get rid of this vermin?

Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:38:40, on 19/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\FANNY\Mes documents\Logiciels\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} - (no file)
O2 - BHO: (no name) - {31520083-B920-45D8-A71C-618FC861B63E} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {51248DEA-04B5-4AD8-AC08-547371D86740} - C:\WINDOWS\system32\ljjggdc.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IESizer - {3CEE9EC1-84F7-11D9-BC7A-000021D3CE1D} - C:\PROGRA~1\IESizer\IESizer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: ljjggdc - C:\WINDOWS\SYSTEM32\ljjggdc.dll
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

51 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
19 May 2007 at 13:55
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked yes, your desktop will go blank while it removes Vundo.

When it is finished, you will be asked to restart your computer; click OK.
0
jlpjlp
19 May 2007 at 13:58
to erase your browsing traces and check that there is no other spyware, you can also use:
CCLEANER
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

Spybot:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

AD AWARE
https://www.01net.com/404/

and an online scan at BitDefender:
https://www.bitdefender.com/toolbox/

or Panda online:
http://pandasoftware.fr
0
jlpjlp
19 May 2007 at 14:03
paste the Vundo and BitDefender reports and redo HijackThis
0
Anonymous user
19 May 2007 at 14:05
Thanks jlpjlp!

The VUNDO scan is in progress.
I'll keep you posted on the other scans.
0
jlpjlp
19 May 2007 at 18:59
have a look at this link to finish up and scan with VirtumondeBegone and the Symantec Vundo Remove Tool

http://www.malekal.com/Trojan.vundo.php
0
Anonymous user
19 May 2007 at 22:09
There, I took the time to do all the steps; it seems the problem is solved, but I'm waiting for your confirmation with the reports:

VUNDO REPORTS:

Scanned File | Status
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll | Infected with: MemScan:Trojan.Vundo.DLO
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll | Disinfection failed
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll | Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe | Suspected of: BehavesLike:Win32.AV-Killer
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe | Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe | Deleted
C:\WINDOWS\system32\ljjggdc.dll | Infected with: MemScan:Trojan.Vundo.DLO
C:\WINDOWS\system32\ljjggdc.dll | Disinfection failed
C:\WINDOWS\system32\ljjggdc.dll | Delete failed
0
Anonymous user
19 May 2007 at 22:11
BITDEFENDER report:

Scanned File | Status
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll | Infected with: MemScan:Trojan.Vundo.DLO
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll | Disinfection failed
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll | Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe | Suspected of: BehavesLike:Win32.AV-Killer
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe | Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe | Deleted
C:\WINDOWS\system32\ljjggdc.dll | Infected with: MemScan:Trojan.Vundo.DLO
C:\WINDOWS\system32\ljjggdc.dll | Disinfection failed
C:\WINDOWS\system32\ljjggdc.dll | Delete failed
0

Anonymous user
19 May 2007 at 22:14
And finally the HIJACK report after the last 2 scans:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:48:33, on 19/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\FANNY\Mes documents\Logiciels\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} - (no file)
O2 - BHO: (no name) - {35419BB1-9FB8-40EE-859D-240073605ECA} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {51248DEA-04B5-4AD8-AC08-547371D86740} - C:\WINDOWS\system32\ljjggdc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IESizer - {3CEE9EC1-84F7-11D9-BC7A-000021D3CE1D} - C:\PROGRA~1\IESizer\IESizer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: ljjggdc - C:\WINDOWS\SYSTEM32\ljjggdc.dll
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
Anonymous user
19 May 2007 at 22:16
With your last link, VIRTUMONBEGONE, here is the report:


[05/19/2007, 20:59:27] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\FANNY\Mes documents\Logiciels\VirtumundoBeGone.exe" )
[05/19/2007, 20:59:34] - Detected System Information:
[05/19/2007, 20:59:34] - Windows Version: 5.1.2600, Service Pack 2
[05/19/2007, 20:59:34] - Current Username: Alex (Admin)
[05/19/2007, 20:59:34] - Windows is in SAFE mode with Networking.
[05/19/2007, 20:59:34] - Searching for Browser Helper Objects:
[05/19/2007, 20:59:34] - BHO 1: {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} ()
[05/19/2007, 20:59:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:34] - No filename found. Continuing.
[05/19/2007, 20:59:34] - BHO 2: {51248DEA-04B5-4AD8-AC08-547371D86740} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - Checking for HKLM\...\Winlogon\Notify\ljjggdc
[05/19/2007, 20:59:35] - Found: HKLM\...\Winlogon\Notify\ljjggdc - This is probably Virtumundo.
[05/19/2007, 20:59:35] - Assigning {51248DEA-04B5-4AD8-AC08-547371D86740} MSEvents Object
[05/19/2007, 20:59:35] - BHO list has been changed! Starting over...
[05/19/2007, 20:59:35] - BHO 1: {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - No filename found. Continuing.
[05/19/2007, 20:59:35] - BHO 2: {51248DEA-04B5-4AD8-AC08-547371D86740} (MSEvents Object)
[05/19/2007, 20:59:35] - ALERT: Found MSEvents Object!
[05/19/2007, 20:59:35] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/19/2007, 20:59:35] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/19/2007, 20:59:35] - BHO 4: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - No filename found. Continuing.
[05/19/2007, 20:59:35] - BHO 5: {6BE29409-9418-46C6-A75F-8D43E0476FF7} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - Checking for HKLM\...\Winlogon\Notify\ssqpp
[05/19/2007, 20:59:35] - Found: HKLM\...\Winlogon\Notify\ssqpp - This is probably Virtumundo.
[05/19/2007, 20:59:35] - Assigning {6BE29409-9418-46C6-A75F-8D43E0476FF7} MSEvents Object
[05/19/2007, 20:59:35] - BHO list has been changed! Starting over...
[05/19/2007, 20:59:35] - BHO 1: {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - No filename found. Continuing.
[05/19/2007, 20:59:35] - BHO 2: {51248DEA-04B5-4AD8-AC08-547371D86740} (MSEvents Object)
[05/19/2007, 20:59:35] - ALERT: Found MSEvents Object!
[05/19/2007, 20:59:35] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/19/2007, 20:59:35] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/19/2007, 20:59:35] - BHO 4: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - No filename found. Continuing.
[05/19/2007, 20:59:35] - BHO 5: {6BE29409-9418-46C6-A75F-8D43E0476FF7} (MSEvents Object)
[05/19/2007, 20:59:35] - ALERT: Found MSEvents Object!
[05/19/2007, 20:59:36] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/19/2007, 20:59:36] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/19/2007, 20:59:36] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/19/2007, 20:59:36] - Finished Searching Browser Helper Objects
[05/19/2007, 20:59:36] - *** Detected MSEvents Object
[05/19/2007, 20:59:36] - Trying to remove MSEvents Object...
[05/19/2007, 20:59:37] - Terminating Process: IEXPLORE.EXE
[05/19/2007, 20:59:37] - Terminating Process: RUNDLL32.EXE
[05/19/2007, 20:59:37] - Disabling Automatic Shell Restart
[05/19/2007, 20:59:37] - Terminating Process: EXPLORER.EXE
[05/19/2007, 20:59:37] - Suspending the NT Session Manager System Service
[05/19/2007, 20:59:37] - Terminating Windows NT Logon/Logoff Manager
[05/19/2007, 20:59:38] - Re-enabling Automatic Shell Restart
[05/19/2007, 20:59:38] - File to disable: C:\WINDOWS\system32\ljjggdc.dll
[05/19/2007, 20:59:38] - Renaming C:\WINDOWS\system32\ljjggdc.dll -> C:\WINDOWS\system32\ljjggdc.dll.vir
[05/19/2007, 20:59:38] - File successfully renamed!
[05/19/2007, 20:59:38] - Removing HKLM\...\Browser Helper Objects\{51248DEA-04B5-4AD8-AC08-547371D86740}
[05/19/2007, 20:59:38] - Removing HKCR\CLSID\{51248DEA-04B5-4AD8-AC08-547371D86740}
[05/19/2007, 20:59:38] - Adding Kill Bit for ActiveX for GUID: {51248DEA-04B5-4AD8-AC08-547371D86740}
[05/19/2007, 20:59:38] - Deleting ATLEvents/MSEvents Registry entries
[05/19/2007, 20:59:38] - Removing HKLM\...\Winlogon\Notify\ljjggdc
[05/19/2007, 20:59:38] - Searching for Browser Helper Objects:
[05/19/2007, 20:59:38] - BHO 1: {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} ()
[05/19/2007, 20:59:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:38] - No filename found. Continuing.
[05/19/2007, 20:59:38] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/19/2007, 20:59:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:38] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/19/2007, 20:59:38] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/19/2007, 20:59:38] - BHO 3: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/19/2007, 20:59:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:38] - No filename found. Continuing.
[05/19/2007, 20:59:38] - BHO 4: {6BE29409-9418-46C6-A75F-8D43E0476FF7} (MSEvents Object)
[05/19/2007, 20:59:38] - ALERT: Found MSEvents Object!
[05/19/2007, 20:59:38] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/19/2007, 20:59:38] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/19/2007, 20:59:38] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/19/2007, 20:59:38] - Finished Searching Browser Helper Objects
[05/19/2007, 20:59:38] - *** Detected MSEvents Object
[05/19/2007, 20:59:38] - Trying to remove MSEvents Object...
[05/19/2007, 20:59:39] - Terminating Process: IEXPLORE.EXE
[05/19/2007, 20:59:39] - Terminating Process: RUNDLL32.EXE
[05/19/2007, 20:59:39] - Disabling Automatic Shell Restart
[05/19/2007, 20:59:39] - Terminating Process: EXPLORER.EXE
[05/19/2007, 20:59:39] - Suspending the NT Session Manager System Service
[05/19/2007, 20:59:40] - Terminating Windows NT Logon/Logoff Manager
[05/19/2007, 20:59:40] - Re-enabling Automatic Shell Restart
[05/19/2007, 20:59:40] - File to disable: C:\WINDOWS\system32\ssqpp.dll
[05/19/2007, 20:59:40] - Renaming C:\WINDOWS\system32\ssqpp.dll -> C:\WINDOWS\system32\ssqpp.dll.vir
[05/19/2007, 20:59:40] - File successfully renamed!
[05/19/2007, 20:59:40] - Removing HKLM\...\Browser Helper Objects\{6BE29409-9418-46C6-A75F-8D43E0476FF7}
[05/19/2007, 20:59:40] - Removing HKCR\CLSID\{6BE29409-9418-46C6-A75F-8D43E0476FF7}
[05/19/2007, 20:59:40] - Adding Kill Bit for ActiveX for GUID: {6BE29409-9418-46C6-A75F-8D43E0476FF7}
[05/19/2007, 20:59:40] - Deleting ATLEvents/MSEvents Registry entries
[05/19/2007, 20:59:40] - Removing HKLM\...\Winlogon\Notify\ssqpp
[05/19/2007, 20:59:40] - Searching for Browser Helper Objects:
[05/19/2007, 20:59:40] - BHO 1: {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} ()
[05/19/2007, 20:59:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:40] - No filename found. Continuing.
[05/19/2007, 20:59:40] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/19/2007, 20:59:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:40] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/19/2007, 20:59:40] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/19/2007, 20:59:40] - BHO 3: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/19/2007, 20:59:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:40] - No filename found. Continuing.
[05/19/2007, 20:59:40] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/19/2007, 20:59:40] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/19/2007, 20:59:40] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/19/2007, 20:59:40] - Finished Searching Browser Helper Objects
[05/19/2007, 20:59:40] - Finishing up...
[05/19/2007, 20:59:40] - A restart is needed.
[05/19/2007, 20:59:40] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[05/19/2007, 20:59:48] - Attempting to Restart via STOP error (Blue Screen!)
0
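The VirtumundoBeGone log above shows the heuristic it applies: every BHO with no default name is checked for a matching Winlogon\Notify entry, and a hit is treated as probable Virtumundo. The same correlation can be run offline over a saved HijackThis report, which is useful when a machine cannot be touched directly. The Python below is an added example for this thread, not code from the original posts or from any of the tools mentioned; its sample input is a constructed subset of the O2 and O20 lines taken from the reports posted here, and the severity labels and the Finding fields are my own naming.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the O2 (BHO) and O20 (Winlogon Notify) lines
# taken from the HijackThis reports posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} - (no file)
O2 - BHO: (no name) - {31520083-B920-45D8-A71C-618FC861B63E} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {51248DEA-04B5-4AD8-AC08-547371D86740} - C:\WINDOWS\system32\ljjggdc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O20 - Winlogon Notify: ljjggdc - C:\WINDOWS\SYSTEM32\ljjggdc.dll
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll
"""

# Line shapes as HijackThis prints them: "O2 - BHO: <name> - {CLSID} - <path>"
# and "O20 - Winlogon Notify: <subkey> - <path>".
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


@dataclass
class Finding:                  # field names and severity labels are my own choice
    clsid: str
    path: str
    dll: str                    # lower-cased file name; "" when HijackThis shows (no file)
    severity: str               # "high": DLL is also a Winlogon Notify package; "low": orphaned entry
    notify_key: Optional[str]   # matching Winlogon\Notify subkey name, if any


def _dll_name(path: str) -> str:
    # ntpath splits backslash paths on any host OS, so this also runs on Linux
    return ntpath.basename(path).lower()


def analyze(log_text: str) -> List[Finding]:
    """Correlate nameless BHOs with Winlogon Notify DLLs, the check VirtumundoBeGone logs."""
    bhos = []
    notify_by_dll = {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            bhos.append(m.groupdict())
        elif m := NOTIFY_RE.match(line):
            notify_by_dll[_dll_name(m["path"])] = m["key"]

    findings = []
    for b in bhos:
        if b["name"] != "(no name)":
            continue  # named BHOs (toolbars, sign-in helpers) are not what this check targets
        if b["path"] == "(no file)":
            # registration left behind with no DLL on disk: nothing loads, but worth cleaning
            findings.append(Finding(b["clsid"], b["path"], "", "low", None))
            continue
        dll = _dll_name(b["path"])
        key = notify_by_dll.get(dll)
        if key is not None:
            # a nameless BHO whose DLL also hooks winlogon: the Vundo pattern seen in this thread
            findings.append(Finding(b["clsid"], b["path"], dll, "high", key))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        extra = f"  (Winlogon\\Notify\\{f.notify_key})" if f.notify_key else ""
        print(f"[{f.severity}] {f.clsid} {f.path}{extra}")
```

On the sample this flags ssqpp.dll and ljjggdc.dll as high (both are BHOs and Winlogon Notify packages, exactly what VirtumundoBeGone renamed), reports the file-less {1831F0A6-...} entry as a low-severity leftover, and passes over Spybot's SDHelper.dll because it has no Winlogon reference, matching the "Key not found ... continuing" lines in the log. To use it on a real report, call analyze() on the file contents; the Winlogon-Notify match is the signal to act on, since that hook is what lets the DLL reload before any user-mode cleaner runs.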
Anonymous user
19 May 2007 at 22:18
Then the SYMANTEC scan told me "no VIRTUMONDE on your PC!"

So it must have been VIRTUMONBEGONE that got rid of it.

I'm waiting for your opinion...
0
jlpjlp
20 May 2007 at 19:32
that looks good to me

rescan with BitDefender to check
0
jlpjlp
21 May 2007 at 21:49
all good; if it comes back you'll know what to do, or otherwise you also have Rogue Remover, which is just as effective (for when you get offered antivirus products)

http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover

see you
0
Anonymous user
21 May 2007 at 23:37
Good evening jlpjlp
I haven't done a scan with BitDefender yet, but I'll do it tomorrow during the day.
For now the PC is running very well, not a single alert.
I'm going to try your last link.

Thanks a million...
I owe you a coffee!
0
Anonymous user
22 May 2007 at 16:36
There, the BITDEFENDER scan is done; no need for a report, since the PC is clean.... Thanks to you and to the link you gave me above.

I'm posting it again here for others.

http://www.malekal.com/Trojan.vundo.php

Thanks a million!!
0
jlpjlp > Anonymous user
23 May 2007 at 21:08
you're welcome

mark it solved at the top if you haven't already
0
Hi all,

I have a recurring problem caused by a Virtumonde trojan that I can't remove. My antivirus Avast doesn't detect it, but Spybot does and removes it; yet when I run another scan shortly afterwards, the trojan is still there!
I'm not an expert in this area, so I'm struggling!

If someone would be kind enough to help me. Bye
0
Hello, I'm also being told that I'm infected with this virus. I'm trying your advice now, thanks
0
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
4 janv. 2008 à 21:59
slt,




colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

e.g.: rename the file HijackThis.exe to eden.exe; to do this, right-click the file HijackThis.exe and choose Rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
_______________



scan with VundoFix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.

When it's done, you will be asked to restart your computer; click OK.
___________________

then:

VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

___________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

______________________

paste another HijackThis report
Thanks, my HijackThis is renamed. But my virus has got into Norton. VundoFix finds nothing. VirtumundoBeGone (something like that) finds nothing either. Yet my antivirus (AntiVir) detects it very often. Here is the HijackThis file, but at startup it tells me it can't read the hosts file; is that a problem?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:06, on 2008-01-05
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Users\LOVAHH~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Lovahh_xx\Documents\jpp cleaner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
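As an added example (not from the thread and not part of HijackThis, VundoFix or ComboFix), a small Python triage script for the O2/O4/O23 line shapes seen in the log above. The sample lines, the zeroed CLSID, the random DLL names and the vowel-poor-filename heuristic are constructed for illustration; the script only produces candidates for manual review, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes emitted by HijackThis 2.x for the three sections this triage looks at.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<publisher>.+?) - (?P<path>.+)$")

# A DLL sitting directly in System32 (not in a vendor folder) with a purely alphabetic stem.
SYSTEM32_DLL = re.compile(r"^[a-z]:\\windows\\system32\\(?P<stem>[a-z]+)\.dll$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str  # "O2", "O4" or "O23"
    item: str     # the path or command that triggered the rule
    reason: str


def looks_random(stem: str) -> bool:
    """Heuristic constructed for this example: Vundo-style DLL stems are short,
    all-lowercase and vowel-poor, unlike vendor DLLs with mixed-case, pronounceable
    names. A True result is a candidate for manual review, not a verdict."""
    if stem != stem.lower() or not 4 <= len(stem) <= 8:
        return False
    vowels = sum(ch in "aeiouy" for ch in stem)
    return vowels / len(stem) < 0.25


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None when it looks benign or is not triaged."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        if m["path"] == "(no file)":
            return Finding("O2", line, "orphaned BHO: CLSID registered but the DLL is missing")
        dll = SYSTEM32_DLL.match(m["path"])
        if m["name"] == "(no name)" and dll and looks_random(dll["stem"]):
            return Finding("O2", m["path"], "unnamed BHO loading a random-named System32 DLL (Vundo pattern)")
        return None
    m = O4_RE.match(line)
    if m:
        cmd = m["cmd"]
        # Run-key persistence through rundll32 loading an export from a random-named System32 DLL.
        if cmd.lower().startswith("rundll32.exe "):
            target = cmd.split(" ", 1)[1].split(",", 1)[0].strip('"')
            dll = SYSTEM32_DLL.match(target)
            if dll and looks_random(dll["stem"]):
                return Finding("O4", cmd, "Run key loads a random-named System32 DLL via rundll32")
        return None
    m = O23_RE.match(line)
    if m and m["publisher"] == "Unknown owner":
        return Finding("O23", m["path"], "service binary carries no publisher; verify by hand")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the lines that raised a finding."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


# Constructed sample in the HijackThis format: the zeroed CLSID and the random DLL names
# are placeholders; the vendor entries mirror what a clean Vista log of that era shows.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Windows\system32\pmnnkhd.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [xqhjk] rundll32.exe C:\Windows\system32\xqhjk.dll,s
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.item}")
```

On the sample it reports the orphaned BHO, the unnamed System32 BHO, the rundll32 Run entry and the publisher-less service, and stays silent on the vendor entries.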
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
6 Jan. 2008 at 19:39
paste the ComboFix report. And an AntiVir report
ComboFix?
I completely removed Norton. AntiVir only tells me I have a virus through its alerts; it doesn't show up in the report, which is what I don't really understand. Since I removed it I haven't had any message saying I had TR\Vundo.DUQ, but that's because it hasn't been long and the alerts are rather spread out in time. VundoFix does nothing, I repeat. Is there anything wrong in my HijackThis report?

Here is my AntiVir report:


AntiVir PersonalEdition Classic
Report file date: 5 janvier 2008 21:41

Scanning for 1000802 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: PC-DE-LOVAHH_XX

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 19:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 18:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 21:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 18:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 20:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 22:39:01
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 2007-12-28 22:39:01
ANTIVIR3.VDF : 7.0.1.194 93696 Bytes 2008-01-04 22:39:01
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 2008-01-04 22:39:01
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 16:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 13:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 2008-01-04 22:39:01
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 13:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 18:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 13:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 17:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 18:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 18:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 15:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 5 janvier 2008 21:41

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'eNMTray.exe' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '1' Module(s) have been scanned
Scan process 'capuserv.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'PSIService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'o2flash.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'MobilityService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'eNet Service.exe' - '1' Module(s) have been scanned
Scan process 'eLockServ.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
73 processes with 73 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '15' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: 5 janvier 2008 21:41
Used time: 00:24 min

The scan has been canceled!

51 Scanning directories
2073 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
2073 Files not concerned
31 Archives were scanned
2 Warnings
0 Notes

When the alert goes off it says: Unwanted program was found. but that figure always stays at 0 in the report..
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
7 Jan. 2008 at 13:14
I need the ComboFix report
VundoFix finds nothing: so no report
VirtumundoBeGone: nothing, no report
ComboFix:

ComboFix 08-01-04.1 - Lovahh_xx 2008-01-07 9:56:32.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1831 [GMT -5:00]
Running from: C:\Users\Lovahh_xx\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))))))))
.

2008-01-07 09:54 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-06 19:48 . 2004-01-13 20:10 163,840 --a------ C:\Windows\BJPSUNST.EXE
2008-01-06 19:47 . 1998-11-13 13:16 308,224 --a------ C:\Windows\IsUn040c.exe
2008-01-06 19:46 . 2008-01-06 19:46 <REP> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information
2008-01-06 19:45 . 2008-01-06 19:45 <REP> d--h----- C:\Program Files\CanonBJ
2008-01-06 19:45 . 2006-04-24 00:00 161,792 --a------ C:\Windows\System32\CNMLM84.DLL
2008-01-06 19:44 . 2008-01-06 19:48 <REP> d-------- C:\Program Files\Canon
2008-01-06 19:40 . 2008-01-06 19:40 <REP> d--h----- C:\Users\All Users\CanonBJ
2008-01-06 19:40 . 2008-01-06 19:40 <REP> d--h----- C:\ProgramData\CanonBJ
2008-01-05 14:05 . 2008-01-05 14:05 <REP> d-------- C:\Users\Lovahh_xx\AppData\Roaming\CyberLink
2008-01-05 14:04 . 2008-01-05 14:04 <REP> d-------- C:\Users\Lovahh_xx\AppData\Roaming\dvdcss
2008-01-05 10:52 . 2008-01-05 10:52 <REP> d-------- C:\Program Files\CCleaner
2008-01-04 17:29 . 2008-01-04 17:29 <REP> d-------- C:\Users\All Users\Avira
2008-01-04 17:29 . 2008-01-04 17:29 <REP> d-------- C:\ProgramData\Avira
2008-01-04 17:29 . 2008-01-04 17:29 <REP> d-------- C:\Program Files\Avira
2008-01-04 16:22 . 2008-01-04 16:22 <REP> d-------- C:\Users\All Users\Avg7
2008-01-04 16:22 . 2008-01-04 16:22 <REP> d-------- C:\ProgramData\Avg7
2008-01-04 12:44 . 2008-01-04 12:44 <REP> d-------- C:\VundoFix Backups
2008-01-04 12:38 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-01 19:39 . 2008-01-01 19:39 <REP> d-------- C:\Users\Lovahh_xx\NTI-Shadow
2007-12-29 22:07 . 2007-12-29 22:07 <REP> d-------- C:\Users\All Users\CyberLink
2007-12-29 22:07 . 2007-12-29 22:07 <REP> d-------- C:\ProgramData\CyberLink
2007-12-29 21:11 . 2008-01-07 09:45 <REP> d-------- C:\Users\Lovahh_xx\AppData\Roaming\OpenOffice.org2
2007-12-29 21:09 . 2007-12-29 21:10 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-12-29 21:09 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-29 21:08 . 2007-12-29 21:09 <REP> d-------- C:\Program Files\Java
2007-12-29 21:08 . 2007-12-29 21:08 <REP> d-------- C:\Program Files\Common Files\Java
2007-12-29 20:33 . 2007-12-29 20:34 <REP> d-------- C:\Program Files\WordPerfect Office X3
2007-12-29 20:33 . 2007-12-29 20:33 <REP> d-------- C:\Program Files\Common Files\Corel
2007-12-29 19:19 . 2007-12-29 19:19 <REP> d-------- C:\Program Files\Corel
2007-12-29 11:04 . 2007-12-29 11:04 <REP> d-------- C:\Program Files\EA GAMES
2007-12-29 11:04 . 2005-02-26 00:34 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
2007-12-28 19:52 . 2007-12-28 19:52 <REP> d-------- C:\Users\All Users\TaskMgr
2007-12-28 19:52 . 2007-12-28 19:52 <REP> d-------- C:\ProgramData\TaskMgr
2007-12-27 20:36 . 2007-12-27 20:36 48 --a------ C:\Windows\winfile.ini
2007-12-27 13:19 . 2007-12-27 20:32 <REP> d-------- C:\Users\All Users\WinZip
2007-12-27 13:19 . 2007-12-27 20:32 <REP> d-------- C:\ProgramData\WinZip
2007-12-27 10:29 . 2007-12-27 10:29 <REP> d-------- C:\Users\Lovahh_xx\AppData\Roaming\vlc
2007-12-27 10:28 . 2007-12-27 10:28 <REP> d-------- C:\Program Files\VideoLAN
2007-12-27 06:05 . 2006-11-03 00:29 21,264 --a------ C:\Windows\System32\drivers\DKbFltr.sys
2007-12-27 06:05 . 2007-09-13 22:43 4,558 --ahs---- C:\Patch.rev
2007-12-27 06:03 . 2007-08-22 16:16 139,264 --a------ C:\Windows\PreLaunch.exe
2007-12-27 06:02 . 2007-12-27 06:04 <REP> d-------- C:\Windows\Lan
2007-12-27 06:02 . 2007-04-20 20:56 20,480 --a------ C:\Windows\RUNXMLPL.EXE
2007-12-26 20:38 . 2007-12-29 19:27 88 -rahs---- C:\Windows\System32\[u]0[/u]080FC7712.sys
2007-12-26 20:36 . 2007-12-26 20:41 <REP> d-------- C:\Users\Lovahh_xx\AppData\Roaming\Corel
2007-12-26 20:36 . 2008-01-06 20:02 2,776 --ahs---- C:\Windows\System32\KGyGaAvL.sys
2007-12-26 20:32 . 2007-12-29 20:33 <REP> d-------- C:\Users\All Users\Corel
2007-12-26 20:32 . 2007-12-29 20:35 <REP> d-------- C:\Users\All Users\Borland
2007-12-26 20:32 . 2007-12-29 20:33 <REP> d-------- C:\ProgramData\Corel
2007-12-26 20:32 . 2007-12-29 20:35 <REP> d-------- C:\ProgramData\Borland
2007-12-26 20:32 . 2007-12-26 20:32 <REP> d-------- C:\Program Files\Common Files\Borland Shared
2007-12-26 19:17 . 2007-12-26 19:17 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2007-12-26 19:13 . 2007-12-26 19:13 <REP> d-------- C:\Windows\SUYIN NB Cam
2007-12-26 19:13 . 2007-12-26 19:13 <REP> d-------- C:\Program Files\Common Files\snp2uvc
2007-12-26 19:13 . 2007-06-12 04:38 1,729,152 --a------ C:\Windows\System32\drivers\snp2uvc.sys
2007-12-26 19:13 . 2006-11-07 09:17 286,720 --a------ C:\Windows\System32\vsnp2uvc.dll
2007-12-26 19:13 . 2007-04-02 12:40 172,032 --a------ C:\Windows\System32\rsnp2uvc.dll
2007-12-26 19:13 . 2005-11-23 07:55 53,248 --a------ C:\Windows\System32\csnp2uvc.dll
2007-12-26 19:13 . 2007-04-25 07:47 45,056 --a------ C:\Windows\PLFSet.dll
2007-12-26 19:13 . 2006-12-28 05:21 27,904 --a------ C:\Windows\System32\drivers\sncduvc.sys
2007-12-26 17:42 . 2007-12-26 17:42 2,923,520 --a------ C:\Windows\explorer.exe
2007-12-26 17:40 . 2007-12-26 17:40 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-12-26 17:40 . 2007-12-26 17:40 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-12-26 17:40 . 2007-12-26 17:40 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-12-26 17:40 . 2007-12-26 17:40 4,096 --a------ C:\Windows\System32\msdxm.ocx
2007-12-26 17:40 . 2007-12-26 17:40 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-12-26 17:33 . 2007-12-26 17:33 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2007-12-26 17:33 . 2007-12-26 17:33 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2007-12-26 17:33 . 2007-12-26 17:33 193,536 --a------ C:\Windows\System32\drivers\usbhub.sys
2007-12-26 17:33 . 2007-12-26 17:33 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2007-12-26 17:33 . 2007-12-26 17:33 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys
2007-12-26 17:33 . 2007-12-26 17:33 8,704 --a------ C:\Windows\System32\hcrstco.dll
2007-12-26 17:33 . 2007-12-26 17:33 8,704 --a------ C:\Windows\System32\hccoin.dll
2007-12-26 17:33 . 2007-12-26 17:33 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2007-12-26 17:33 . 2007-12-26 17:33 2,048 --a------ C:\Windows\System32\msxml3r.dll
2007-12-26 17:32 . 2007-12-26 17:32 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-26 17:31 . 2007-12-26 17:31 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2007-12-26 17:31 . 2007-12-26 17:31 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-26 17:31 . 2007-12-26 17:31 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-26 17:31 . 2007-12-26 17:31 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-26 17:30 . 2007-12-26 17:30 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2007-12-26 17:30 . 2007-12-26 17:30 2,048 --a------ C:\Windows\System32\msxml6r.dll
2007-12-26 17:27 . 2007-12-26 17:27 1,830,912 --a------ C:\Windows\System32\inetcpl.cpl
2007-12-26 17:27 . 2007-12-26 17:27 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-26 17:27 . 2007-12-26 17:27 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-26 17:27 . 2007-12-26 17:27 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-26 17:27 . 2007-12-26 17:27 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-26 17:27 . 2007-12-26 17:27 56,320 --a------ C:\Windows\System32\iesetup.dll
2007-12-26 17:27 . 2007-12-26 17:27 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2007-12-26 17:26 . 2007-12-26 17:26 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-26 17:26 . 2007-12-26 17:26 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-26 17:26 . 2007-12-26 17:26 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-12-26 17:25 . 2007-12-26 17:25 750,080 --a------ C:\Windows\System32\qmgr.dll
2007-12-26 17:25 . 2007-12-26 17:25 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-26 16:31 . 2008-01-05 18:55 16 --a------ C:\Windows\System32\coh.cache
2007-12-26 15:24 . 2007-12-26 15:24 0 --a------ C:\Windows\nsreg.dat
2007-12-26 15:21 . 2007-12-26 15:26 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-26 15:20 . 2007-12-26 15:28 <REP> d-------- C:\Program Files\Windows Live
2007-12-26 15:19 . 2007-12-26 15:19 <REP> d-------- C:\Users\All Users\WLInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 00:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 01:45 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-30 01:45 --------- d-----w C:\Program Files\Windows Mail
2007-12-30 01:45 --------- d-----w C:\Program Files\Windows Calendar
2007-12-30 01:45 --------- d-----w C:\Program Files\Microsoft Works
2007-12-26 22:49 174 --sha-w C:\Program Files\desktop.ini
2007-12-26 22:43 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-26 22:43 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-26 22:43 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-26 22:43 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-26 22:43 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-26 22:43 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-26 22:43 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-26 22:43 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-26 22:43 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-26 22:43 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-26 22:43 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-26 22:43 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-26 22:43 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-26 22:43 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-26 22:43 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-26 22:43 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-26 22:43 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-26 22:43 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-26 22:43 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-26 22:42 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-26 22:42 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-26 22:42 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-26 22:42 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-26 22:42 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-26 22:42 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-26 22:42 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-26 22:42 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-26 22:42 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-26 22:42 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-26 22:42 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-26 22:42 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-26 22:42 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-26 22:42 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-12-26 22:37 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-12-26 22:29 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-26 22:29 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-26 22:29 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-26 22:29 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-26 22:29 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-26 22:29 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-26 22:29 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-26 22:29 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-26 22:29 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-26 22:29 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-26 22:29 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-26 22:29 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-26 22:29 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-26 22:29 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-26 22:29 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-26 22:29 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-26 22:29 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-26 22:28 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-26 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 07:51 --------- d-----w C:\Program Files\NewTech Infosystems
2007-12-26 07:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-26 07:34 --------- d-sh--w C:\ProgramData\Modèles
2007-12-26 07:34 --------- d-sh--w C:\ProgramData\Menu Démarrer
2007-12-26 07:34 --------- d-sh--w C:\ProgramData\Favoris
2007-12-26 07:34 --------- d-sh--w C:\ProgramData\Bureau
2007-12-26 07:34 --------- d-sh--w C:\Program Files\Fichiers communs
2007-10-18 16:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 07:35 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:34 2159104 C:\Windows\System32\oobefldr.dll]
"Acer Tour Reminder"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 03:57 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 16:27 4702208 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 14:00 815104]
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-07 21:38 40048]
"Acer Tour"="" []
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 07:47 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"eRecoveryService"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 03:04 813840]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-02-02 14:24 3383296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-04 17:39 249896]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 04:45 222208]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-13 20:10 409600]

C:\Users\Lovahh_xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 12:33:55]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 12:04]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-02 18:11]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 18:12]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 05:29]
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 02:10]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-06-12 04:38]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 13:12]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 02:30]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 15:18]
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 02:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 09:58:30
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 9:59:25
.
2007-12-27 21:38:38 --- E O F ---



NB: I'm not convinced, but I think I've been rid of the virus since I got rid of Norton. Is that possible? I'm posting another HijackThis log so you don't go looking for solutions if it's no longer there:

Hijackthis : Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:50, on 2008-01-07
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Users\LOVAHH~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Users\Lovahh_xx\Documents\jpp cleaner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
VBG just in case:


[01/07/2008, 10:06:57] - VirtumundoBeGone v1.5 ( "C:\Users\Lovahh_xx\Desktop\VirtumundoBeGone(2).exe" )
[01/07/2008, 10:07:00] - Detected System Information:
[01/07/2008, 10:07:00] - Windows Version: 6.0.6000,
[01/07/2008, 10:07:00] - Current Username: Lovahh_xx (Admin)
[01/07/2008, 10:07:00] - Windows is in NORMAL mode.
[01/07/2008, 10:07:00] - Searching for Browser Helper Objects:
[01/07/2008, 10:07:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/07/2008, 10:07:00] - BHO 2: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[01/07/2008, 10:07:00] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/07/2008, 10:07:00] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/07/2008, 10:07:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/07/2008, 10:07:00] - No filename found. Continuing.
[01/07/2008, 10:07:00] - BHO 5: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} (ShowBarObj Class)
[01/07/2008, 10:07:00] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[01/07/2008, 10:07:00] - Finished Searching Browser Helper Objects
[01/07/2008, 10:07:00] - Finishing up...
[01/07/2008, 10:07:00] - Nothing found! Exiting...
I tried running a scan with Kaspersky, since it had detected it too, and it no longer finds it. I think I'm rid of this trojan, but I'm not sure, because before it had "got into" Norton and Norton no longer detected it. How can I be certain it's no longer there?
Another thing: Kaspersky is now detecting heur.invarder .. -.-
jlpjlp (security contributor)
8 Jan 2008 at 15:34
Sorry, my internet connection is faulty. I'm looking from my phone and I think everything is OK. HijackThis is fine. You must keep only one antivirus: Antivir or Norton. As soon as France Télécom repairs my line I'll confirm.
That's fine, I removed Norton to try to remove the virus. The other antiviruses I remove one after the other so as never to have more than 2. I only have Antivir now, and if you confirm that I have nothing more to worry about despite having heur.invarder, I'll keep only that one.
jlpjlp (security contributor)
13 Jan 2008 at 21:45
Hi, still having problems???

Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

__________________

To be well protected, install Spybot WITHOUT ENABLING THE TEA TIMER since you have Windows Defender,
and SpywareBlaster

to protect your computer for free

http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
AD AWARE + SPYBOT +/- if Spybot's TeaTimer is not enabled: WINDOWS DEFENDER

+

SPYWAREBLASTER to immunize the system against Vundo in particular, but in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...

Note: Spybot and Ad-Aware have released new versions this year; check that you have the latest version
--------
a firewall:
the Windows one, or better KERIO or JETICO or ZONE ALARM (install only the free firewall)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------

CCLEANER to erase browsing traces
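The "fix checked" list above picks out HijackThis entries whose component file is missing ("(no file)") or whose BHO registers without a name ("(no name)"), the same two signs VirtumundoBeGone warned about for BHO 4. The following is an added example written for this page, not code from the thread or from HijackThis: a small triage script that applies those two criteria to sample lines copied from the poster's log; the verdict logic and the Finding structure are this example's own.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis's code).

Flags the kinds of entries the helper in this thread told the poster to fix:
entries whose registered component points at a missing file, and BHOs that
register without a default name. Sample lines are copied from the poster's log.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines taken from the poster's HijackThis log.
SAMPLE_LOG = """\
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\\Windows\\system32\\ActiveToolBand.dll
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe (file missing)
"""

# Matches a COM CLSID in braces, as HijackThis prints it for R3/O2/O3/O9/O16 lines.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    section: str                 # HijackThis section tag, e.g. "O2"
    clsid: Optional[str]         # CLSID if the line carries one, else None
    reasons: List[str] = field(default_factory=list)
    line: str = ""


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding when a line deserves a second look, else None."""
    line = line.rstrip()
    section = line.split(" ", 1)[0]
    m = CLSID_RE.search(line)
    clsid = m.group(0).upper() if m else None
    reasons = []
    # Orphaned entry: the registry still points at a component whose file is gone.
    if line.endswith("(no file)") or line.endswith("(file missing)"):
        reasons.append("registered component points at a missing file (orphan)")
    # A BHO with no default name is what VirtumundoBeGone reported as BHO 4 above.
    if "(no name)" in line:
        reasons.append("component registers without a default name")
    if not reasons:
        return None
    return Finding(section, clsid, reasons, line)


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the hits, in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.clsid or '-'}: " + "; ".join(f.reasons))
```

Entries flagged this way are candidates for "fix checked", not verdicts: an orphaned entry from an uninstalled product (the Symantec service here) is harmless clutter, while an unnamed BHO with no file was what the thread was chasing.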