Spam hijackthis

Closed
byllu - 29 June 2007 at 00:22
 Anonymous user - 29 June 2007 at 23:01
Spam problem, and here is my report from HijackThis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:20:09, on 29/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\fkodyniv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\thierry\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\fdoeiuos.dll
O2 - BHO: (no name) - {6FD54A05-9C2B-43CB-A3A3-70C6F45B3D76} - C:\WINDOWS\system32\geebc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\khfcaxy.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\lgqysrxh.dll",forkonce
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{862868BD-48ED-4285-A79A-19E8FB5B983B}: NameServer = 212.151.136.242 212.151.137.170
O20 - Winlogon Notify: geebc - C:\WINDOWS\system32\geebc.dll
O20 - Winlogon Notify: khfcaxy - C:\WINDOWS\SYSTEM32\khfcaxy.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\fkodyniv.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

12 replies

Anonymous user
29 June 2007 at 04:02
"What should I do next?"


Learn some manners ;-)
0
Yes, sorry, it's true that my message was a bit blunt and lacked politeness, I apologize!
But what should I delete to get rid of my spam?
Thanks!
0
Anonymous user
29 June 2007 at 15:27
Spam or intrusive ads? :-)
0
Isn't that the same thing?
And can you tell me what I should delete from my report?
0

Anonymous user
29 June 2007 at 15:37
No, it's not the same thing.
Spam is unwanted messages (e-mails) that you receive in the mailbox meant for that purpose
Intrusive ads are ads that pop up on screen at any time

It's up to you to tell me what your problem is
0
Ah OK, so I have intrusive ads!

And the report in my first message, the "blunt" one, is the report generated with HijackThis, and I don't know what to delete to get rid of these ads!
0
Anonymous user
29 June 2007 at 15:44
There, that's more explanatory ;-)


¤ Download VundoFix
---> http://www.atribune.org/ccount/click.php?id=4

Restart your PC. As soon as it powers on, tap the F8 key repeatedly (or F5 if F8 does not work); on the screen that appears, choose "Safe Mode" and wait a little.

Double-click on it and choose "start for vundo"
Wait a few minutes; when the scan is finished, click "remove vundo"
A message will ask whether you want to delete the files; click "yes"
When it has finished, click "yes"; your computer should restart; if not, restart it yourself
Once it has restarted, paste the report C:\vundofix.txt


AND


¤ Download this program, then double-click on it (close your antivirus if it detects anything)
http://www.suspectfile.com/systemscan/

* Check only these boxes and uncheck everything else:

- Recent Files, 60 days

Then click scan now and be patient.
Once it has finished, a report will open; copy and paste its contents here and check that it is complete; if necessary, create two messages.
0
Back again
So for now I've used VundoFix, and here is the report it generated:

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 20:26:29 29/06/2007

Listing files found while scanning....

C:\windows\system32\byxvsqo.dll
C:\windows\system32\byxxusq.dll
C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.ini
C:\windows\system32\cfmxpmsw.exe
C:\windows\system32\ddcbyvs.dll
C:\windows\system32\ddcyabc.dll
C:\windows\system32\ekdqypbd.exe
C:\windows\system32\fccdeef.dll
C:\WINDOWS\system32\fdoeiuos.dll
C:\windows\system32\fkodyniv.exe
C:\windows\system32\gebxywu.dll
C:\WINDOWS\system32\geebc.dll
C:\windows\system32\hggecyw.dll
C:\WINDOWS\system32\khfcaxy.dll
C:\windows\system32\khfgdec.dll
C:\windows\system32\ljjkigh.dll
C:\windows\system32\luqohjro.ini
C:\windows\system32\nwlwprkw.exe
C:\windows\system32\oebwucqv.exe
C:\windows\system32\opnlige.dll
C:\windows\system32\opnomki.dll
C:\WINDOWS\system32\orjhoqul.dll
C:\windows\system32\pcugrtee.exe
C:\windows\system32\pmnlkli.dll
C:\windows\system32\pmnolml.dll
C:\windows\system32\qomjkhf.dll
C:\windows\system32\rqrqroo.dll
C:\windows\system32\tuvstuv.dll
C:\windows\system32\tuvuusp.dll
C:\windows\system32\urqpppp.dll
C:\windows\system32\urqqqrp.dll
C:\windows\system32\urqqrqo.dll
C:\windows\system32\vturspq.dll
C:\windows\system32\vtusrqn.dll
C:\windows\system32\wvuttuv.dll
C:\windows\system32\xxywurs.dll
C:\windows\system32\yayxuvw.dll

Beginning removal...

Attempting to delete C:\windows\system32\byxvsqo.dll
C:\windows\system32\byxvsqo.dll Has been deleted!

Attempting to delete C:\windows\system32\byxxusq.dll
C:\windows\system32\byxxusq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini Has been deleted!

Attempting to delete C:\windows\system32\cfmxpmsw.exe
C:\windows\system32\cfmxpmsw.exe Has been deleted!

Attempting to delete C:\windows\system32\ddcbyvs.dll
C:\windows\system32\ddcbyvs.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcyabc.dll
C:\windows\system32\ddcyabc.dll Has been deleted!

Attempting to delete C:\windows\system32\ekdqypbd.exe
C:\windows\system32\ekdqypbd.exe Has been deleted!

Attempting to delete C:\windows\system32\fccdeef.dll
C:\windows\system32\fccdeef.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fdoeiuos.dll
C:\WINDOWS\system32\fdoeiuos.dll Has been deleted!

Attempting to delete C:\windows\system32\fkodyniv.exe
C:\windows\system32\fkodyniv.exe Has been deleted!

Attempting to delete C:\windows\system32\gebxywu.dll
C:\windows\system32\gebxywu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geebc.dll Could not be deleted.

Attempting to delete C:\windows\system32\hggecyw.dll
C:\windows\system32\hggecyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcaxy.dll
C:\WINDOWS\system32\khfcaxy.dll Could not be deleted.

Attempting to delete C:\windows\system32\khfgdec.dll
C:\windows\system32\khfgdec.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjkigh.dll
C:\windows\system32\ljjkigh.dll Has been deleted!

Attempting to delete C:\windows\system32\luqohjro.ini
C:\windows\system32\luqohjro.ini Has been deleted!

Attempting to delete C:\windows\system32\nwlwprkw.exe
C:\windows\system32\nwlwprkw.exe Has been deleted!

Attempting to delete C:\windows\system32\oebwucqv.exe
C:\windows\system32\oebwucqv.exe Has been deleted!

Attempting to delete C:\windows\system32\opnlige.dll
C:\windows\system32\opnlige.dll Has been deleted!

Attempting to delete C:\windows\system32\opnomki.dll
C:\windows\system32\opnomki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\orjhoqul.dll
C:\WINDOWS\system32\orjhoqul.dll Has been deleted!

Attempting to delete C:\windows\system32\pcugrtee.exe
C:\windows\system32\pcugrtee.exe Has been deleted!

Attempting to delete C:\windows\system32\pmnlkli.dll
C:\windows\system32\pmnlkli.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnolml.dll
C:\windows\system32\pmnolml.dll Has been deleted!

Attempting to delete C:\windows\system32\qomjkhf.dll
C:\windows\system32\qomjkhf.dll Has been deleted!

Attempting to delete C:\windows\system32\rqrqroo.dll
C:\windows\system32\rqrqroo.dll Has been deleted!

Attempting to delete C:\windows\system32\tuvstuv.dll
C:\windows\system32\tuvstuv.dll Has been deleted!

Attempting to delete C:\windows\system32\tuvuusp.dll
C:\windows\system32\tuvuusp.dll Has been deleted!

Attempting to delete C:\windows\system32\urqpppp.dll
C:\windows\system32\urqpppp.dll Has been deleted!

Attempting to delete C:\windows\system32\urqqqrp.dll
C:\windows\system32\urqqqrp.dll Has been deleted!

Attempting to delete C:\windows\system32\urqqrqo.dll
C:\windows\system32\urqqrqo.dll Has been deleted!

Attempting to delete C:\windows\system32\vturspq.dll
C:\windows\system32\vturspq.dll Has been deleted!

Attempting to delete C:\windows\system32\vtusrqn.dll
C:\windows\system32\vtusrqn.dll Has been deleted!

Attempting to delete C:\windows\system32\wvuttuv.dll
C:\windows\system32\wvuttuv.dll Has been deleted!

Attempting to delete C:\windows\system32\xxywurs.dll
C:\windows\system32\xxywurs.dll Has been deleted!

Attempting to delete C:\windows\system32\yayxuvw.dll
C:\windows\system32\yayxuvw.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geebc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcaxy.dll
C:\WINDOWS\system32\khfcaxy.dll Has been deleted!

Performing Repairs to the registry.
Done!

And now I'm going to use suspectfile.
0
And here is the suspectfile report:


VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 20:26:29 29/06/2007

Listing files found while scanning....

C:\windows\system32\byxvsqo.dll
C:\windows\system32\byxxusq.dll
C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.ini
C:\windows\system32\cfmxpmsw.exe
C:\windows\system32\ddcbyvs.dll
C:\windows\system32\ddcyabc.dll
C:\windows\system32\ekdqypbd.exe
C:\windows\system32\fccdeef.dll
C:\WINDOWS\system32\fdoeiuos.dll
C:\windows\system32\fkodyniv.exe
C:\windows\system32\gebxywu.dll
C:\WINDOWS\system32\geebc.dll
C:\windows\system32\hggecyw.dll
C:\WINDOWS\system32\khfcaxy.dll
C:\windows\system32\khfgdec.dll
C:\windows\system32\ljjkigh.dll
C:\windows\system32\luqohjro.ini
C:\windows\system32\nwlwprkw.exe
C:\windows\system32\oebwucqv.exe
C:\windows\system32\opnlige.dll
C:\windows\system32\opnomki.dll
C:\WINDOWS\system32\orjhoqul.dll
C:\windows\system32\pcugrtee.exe
C:\windows\system32\pmnlkli.dll
C:\windows\system32\pmnolml.dll
C:\windows\system32\qomjkhf.dll
C:\windows\system32\rqrqroo.dll
C:\windows\system32\tuvstuv.dll
C:\windows\system32\tuvuusp.dll
C:\windows\system32\urqpppp.dll
C:\windows\system32\urqqqrp.dll
C:\windows\system32\urqqrqo.dll
C:\windows\system32\vturspq.dll
C:\windows\system32\vtusrqn.dll
C:\windows\system32\wvuttuv.dll
C:\windows\system32\xxywurs.dll
C:\windows\system32\yayxuvw.dll

Beginning removal...

Attempting to delete C:\windows\system32\byxvsqo.dll
C:\windows\system32\byxvsqo.dll Has been deleted!

Attempting to delete C:\windows\system32\byxxusq.dll
C:\windows\system32\byxxusq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini Has been deleted!

Attempting to delete C:\windows\system32\cfmxpmsw.exe
C:\windows\system32\cfmxpmsw.exe Has been deleted!

Attempting to delete C:\windows\system32\ddcbyvs.dll
C:\windows\system32\ddcbyvs.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcyabc.dll
C:\windows\system32\ddcyabc.dll Has been deleted!

Attempting to delete C:\windows\system32\ekdqypbd.exe
C:\windows\system32\ekdqypbd.exe Has been deleted!

Attempting to delete C:\windows\system32\fccdeef.dll
C:\windows\system32\fccdeef.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fdoeiuos.dll
C:\WINDOWS\system32\fdoeiuos.dll Has been deleted!

Attempting to delete C:\windows\system32\fkodyniv.exe
C:\windows\system32\fkodyniv.exe Has been deleted!

Attempting to delete C:\windows\system32\gebxywu.dll
C:\windows\system32\gebxywu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geebc.dll Could not be deleted.

Attempting to delete C:\windows\system32\hggecyw.dll
C:\windows\system32\hggecyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcaxy.dll
C:\WINDOWS\system32\khfcaxy.dll Could not be deleted.

Attempting to delete C:\windows\system32\khfgdec.dll
C:\windows\system32\khfgdec.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjkigh.dll
C:\windows\system32\ljjkigh.dll Has been deleted!

Attempting to delete C:\windows\system32\luqohjro.ini
C:\windows\system32\luqohjro.ini Has been deleted!

Attempting to delete C:\windows\system32\nwlwprkw.exe
C:\windows\system32\nwlwprkw.exe Has been deleted!

Attempting to delete C:\windows\system32\oebwucqv.exe
C:\windows\system32\oebwucqv.exe Has been deleted!

Attempting to delete C:\windows\system32\opnlige.dll
C:\windows\system32\opnlige.dll Has been deleted!

Attempting to delete C:\windows\system32\opnomki.dll
C:\windows\system32\opnomki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\orjhoqul.dll
C:\WINDOWS\system32\orjhoqul.dll Has been deleted!

Attempting to delete C:\windows\system32\pcugrtee.exe
C:\windows\system32\pcugrtee.exe Has been deleted!

Attempting to delete C:\windows\system32\pmnlkli.dll
C:\windows\system32\pmnlkli.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnolml.dll
C:\windows\system32\pmnolml.dll Has been deleted!

Attempting to delete C:\windows\system32\qomjkhf.dll
C:\windows\system32\qomjkhf.dll Has been deleted!

Attempting to delete C:\windows\system32\rqrqroo.dll
C:\windows\system32\rqrqroo.dll Has been deleted!

Attempting to delete C:\windows\system32\tuvstuv.dll
C:\windows\system32\tuvstuv.dll Has been deleted!

Attempting to delete C:\windows\system32\tuvuusp.dll
C:\windows\system32\tuvuusp.dll Has been deleted!

Attempting to delete C:\windows\system32\urqpppp.dll
C:\windows\system32\urqpppp.dll Has been deleted!

Attempting to delete C:\windows\system32\urqqqrp.dll
C:\windows\system32\urqqqrp.dll Has been deleted!

Attempting to delete C:\windows\system32\urqqrqo.dll
C:\windows\system32\urqqrqo.dll Has been deleted!

Attempting to delete C:\windows\system32\vturspq.dll
C:\windows\system32\vturspq.dll Has been deleted!

Attempting to delete C:\windows\system32\vtusrqn.dll
C:\windows\system32\vtusrqn.dll Has been deleted!

Attempting to delete C:\windows\system32\wvuttuv.dll
C:\windows\system32\wvuttuv.dll Has been deleted!

Attempting to delete C:\windows\system32\xxywurs.dll
C:\windows\system32\xxywurs.dll Has been deleted!

Attempting to delete C:\windows\system32\yayxuvw.dll
C:\windows\system32\yayxuvw.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geebc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcaxy.dll
C:\WINDOWS\system32\khfcaxy.dll Has been deleted!

Performing Repairs to the registry.
Done!


Am I rid of this *****?
In any case, a big THANK YOU for your help!
0
Anonymous user
29 June 2007 at 21:59
You posted the same report twice ;-)
0
Oh yes, sorry, so here is the second one:


SystemScan - www.suspectfile.com - ver. 3.1.2

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 29/06/2007
Time: 22:16:58

Output limited to:
-Recent files

===================== Recent files (60 days old)=====================

----- recent files in C:\
15/05/2007 19:08:10 (DIR) 0 byte 45 days old -- RECYCLER
20/05/2007 20:41:42 (DIR) 0 byte 40 days old -- Documents and Settings
29/06/2007 20:57:50 (DIR) 0 byte 0 days old -- VundoFix Backups
29/06/2007 20:59:19 6080 byte 0 days old -- VundoFix.txt
29/06/2007 21:20:46 805306368 byte 0 days old -- pagefile.sys
29/06/2007 21:31:42 (DIR) 0 byte 0 days old -- WINDOWS
29/06/2007 21:34:44 (DIR) 0 byte 0 days old -- Program Files
29/06/2007 22:16:58 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
08/05/2007 10:27:38 (DIR) 0 byte 52 days old -- Sun
11/05/2007 18:51:46 (DIR) 0 byte 49 days old -- ShellNew
11/05/2007 18:53:01 (DIR) 0 byte 49 days old -- Fonts
11/05/2007 18:53:03 541 byte 49 days old -- win.ini
13/05/2007 16:07:28 7850 byte 47 days old -- ADVPCB99SE.INI
13/05/2007 16:07:29 5495 byte 47 days old -- PCBPrint99SE.Ini
13/05/2007 16:45:51 281696 byte 47 days old -- CLIENT99SE.~cs
13/05/2007 16:45:51 8924 byte 47 days old -- CLIENT99SE.~af
13/05/2007 18:02:37 929 byte 47 days old -- ProHelp99SE.INI
13/05/2007 19:35:59 282292 byte 47 days old -- CLIENT99SE.rcs
13/05/2007 19:35:59 3036 byte 47 days old -- CLIENT99SE.ndr
13/05/2007 19:36:00 8924 byte 47 days old -- CLIENT99SE.raf
13/05/2007 19:36:04 2618 byte 47 days old -- AdvSch99SE.dft
13/05/2007 19:36:05 142 byte 47 days old -- SimView99SE.INI
16/05/2007 19:37:45 0 byte 44 days old -- setuperr.log
16/05/2007 19:38:05 9648 byte 44 days old -- Wudf01000UnInst.log
16/05/2007 19:38:05 1374 byte 44 days old -- imsins.BAK
16/05/2007 20:38:23 1523 byte 44 days old -- OEWABLog.txt
18/05/2007 17:50:56 (DIR) 0 byte 42 days old -- Network Diagnostic
18/05/2007 18:14:01 (DIR) 0 byte 42 days old -- T2I
20/05/2007 20:47:29 (DIR) 0 byte 40 days old -- assembly
20/05/2007 20:58:04 21 byte 40 days old -- realb42.ini
22/05/2007 13:00:50 385 byte 38 days old -- ODBC.INI
10/06/2007 17:19:01 0 byte 19 days old -- err.txt
16/06/2007 16:05:27 336 byte 13 days old -- nsw.log
16/06/2007 16:42:26 139264 byte 13 days old -- War3Unin.exe
16/06/2007 16:42:26 2829 byte 13 days old -- War3Unin.pif
16/06/2007 16:45:28 80695 byte 13 days old -- War3Unin.dat
22/06/2007 16:25:44 (DIR) 0 byte 7 days old -- inf
26/06/2007 12:48:03 (DIR) 0 byte 3 days old -- Downloaded Program Files
26/06/2007 13:06:25 107 byte 3 days old -- HelpAdvisor99SE.ini
26/06/2007 13:06:25 10 byte 3 days old -- AdvSIM99SE.INI
26/06/2007 13:06:25 3306 byte 3 days old -- AdvSch99SE.ini
26/06/2007 13:06:48 6841 byte 3 days old -- Client99SE.INI
26/06/2007 14:38:10 680 byte 3 days old -- AUTOLNCH.REG
26/06/2007 16:14:59 16574 byte 3 days old -- EPISMF00.SWB
26/06/2007 16:22:23 4 byte 3 days old -- windebug.log
27/06/2007 11:30:46 400 byte 2 days old -- regopt.log
27/06/2007 20:12:52 43640 byte 2 days old -- msmqinst.log
27/06/2007 20:13:09 58918 byte 2 days old -- tsoc.log
27/06/2007 20:13:09 4566 byte 2 days old -- imsins.log
27/06/2007 20:13:09 41192 byte 2 days old -- comsetup.log
27/06/2007 20:13:09 38454 byte 2 days old -- ocgen.log
27/06/2007 20:13:09 160572 byte 2 days old -- iis6.log
27/06/2007 20:13:09 122766 byte 2 days old -- FaxSetup.log
27/06/2007 20:13:09 25861 byte 2 days old -- ntdtcsetup.log
27/06/2007 20:13:44 2565 byte 2 days old -- wmsetup.log
27/06/2007 20:16:11 1054 byte 2 days old -- setupact.log
27/06/2007 20:29:38 (DIR) 0 byte 2 days old -- Help
28/06/2007 23:57:59 1158671 byte 1 days old -- setupapi.log
29/06/2007 16:12:31 0 byte 0 days old -- MEMORY.DMP
29/06/2007 20:56:46 1486170 byte 0 days old -- ntbtlog.txt
29/06/2007 21:14:23 116 byte 0 days old -- NeroDigital.ini
29/06/2007 21:20:06 32566 byte 0 days old -- SchedLgU.Txt
29/06/2007 21:20:48 2048 byte 0 days old -- bootstat.dat
29/06/2007 21:21:13 50 byte 0 days old -- wiaservc.log
29/06/2007 21:21:14 157 byte 0 days old -- wiadebug.log
29/06/2007 21:21:15 0 byte 0 days old -- 0.log
29/06/2007 21:21:41 (DIR) 0 byte 0 days old -- system32
29/06/2007 21:21:42 (DIR) 0 byte 0 days old -- WinSxS
29/06/2007 21:21:46 14822 byte 0 days old -- DPINST.LOG
29/06/2007 21:21:50 (DIR) 0 byte 0 days old -- Installer
29/06/2007 21:32:33 (DIR) 0 byte 0 days old -- Temp
29/06/2007 21:33:15 1252736 byte 0 days old -- WindowsUpdate.log

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
04/05/2007 10:53:09 3121 byte 56 days old -- CONFIG.NT
05/05/2007 22:54:53 4136 byte 55 days old -- jupdate-1.6.0_01-b06.log
08/05/2007 12:08:31 (DIR) 0 byte 52 days old -- FxsTmp
12/05/2007 05:10:40 727888 byte 48 days old -- FNTCACHE.DAT
16/05/2007 21:48:23 1222 byte 44 days old -- mapisvc.inf
20/05/2007 20:47:58 (DIR) 0 byte 40 days old -- appmgmt
07/06/2007 13:14:04 3437 byte 22 days old -- qtplugin.log
21/06/2007 15:06:06 (DIR) 0 byte 8 days old -- SoftwareDistribution
24/06/2007 19:09:10 2228 byte 5 days old -- wpa.dbl
26/06/2007 12:18:00 4672 byte 3 days old -- kuoayjfg.exe
26/06/2007 13:07:13 (DIR) 0 byte 3 days old -- QuickTime
27/06/2007 20:13:06 402406 byte 2 days old -- perfh009.dat
27/06/2007 20:13:06 76136 byte 2 days old -- perfc00C.dat
27/06/2007 20:13:06 1021406 byte 2 days old -- PerfStringBackup.INI
27/06/2007 20:13:06 469622 byte 2 days old -- perfh00C.dat
27/06/2007 20:13:06 63016 byte 2 days old -- perfc009.dat
27/06/2007 23:20:40 765 byte 2 days old -- anvibarj.ini
28/06/2007 10:42:31 (DIR) 0 byte 1 days old -- drivers
28/06/2007 10:43:50 (DIR) 0 byte 1 days old -- oodag
28/06/2007 20:11:47 960557 byte 1 days old -- tfrtjdkm.ini
28/06/2007 22:16:53 98304 byte 1 days old -- CmdLineExt.dll
28/06/2007 23:57:52 (DIR) 0 byte 1 days old -- CatRoot2
29/06/2007 12:06:43 961036 byte 0 days old -- hxrsyqgl.ini
29/06/2007 21:20:45 4656 byte 0 days old -- OODBS.lor
29/06/2007 21:20:59 0 byte 0 days old -- NvApps.xml

----- recent files in C:\WINDOWS\system32\drivers\
14/05/2007 22:21:00 (DIR) 0 byte 46 days old -- etc
16/06/2007 22:37:02 25544 byte 13 days old -- hamachi.sys

----- recent files in C:\WINDOWS\temp\
29/06/2007 20:04:22 0 byte 0 days old -- T30DebugLogFile.txt
29/06/2007 20:57:47 16384 byte 0 days old -- Perflib_Perfdata_7dc.dat
29/06/2007 21:20:57 16384 byte 0 days old -- Perflib_Perfdata_6d8.dat
29/06/2007 22:15:36 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Program Files\
05/05/2007 22:54:53 (DIR) 0 byte 55 days old -- Java
11/05/2007 18:53:02 (DIR) 0 byte 49 days old -- Microsoft Picture It!
13/05/2007 22:28:13 (DIR) 0 byte 47 days old -- Pochette Express 2
28/05/2007 11:29:38 (DIR) 0 byte 32 days old -- Kooner
13/06/2007 17:59:33 (DIR) 0 byte 16 days old -- DVD Shrink
16/06/2007 22:37:41 (DIR) 0 byte 13 days old -- Hamachi
17/06/2007 02:58:14 (DIR) 0 byte 12 days old -- Valve Lan
26/06/2007 13:06:24 (DIR) 0 byte 3 days old -- Design Explorer 99 SE
26/06/2007 13:54:44 (DIR) 0 byte 3 days old -- Warcraft III
26/06/2007 18:08:05 (DIR) 0 byte 3 days old -- Gta Save
26/06/2007 20:21:14 (DIR) 0 byte 3 days old -- eMule
27/06/2007 20:29:37 (DIR) 0 byte 2 days old -- OO Software
28/06/2007 10:42:33 (DIR) 0 byte 1 days old -- Fichiers communs
29/06/2007 21:23:51 (DIR) 0 byte 0 days old -- InstallShield Installation Information
29/06/2007 21:34:44 (DIR) 0 byte 0 days old -- Windows Live
29/06/2007 21:34:44 (DIR) 0 byte 0 days old -- MSN Messenger
29/06/2007 21:34:46 (DIR) 0 byte 0 days old -- Messenger Plus! Live

----- recent files in C:\Program Files\Fichiers communs\
18/05/2007 18:56:33 (DIR) 0 byte 42 days old -- Ahead

==========================================
Scan completed in 0 minutes
End of report
0
Anonymous user
29 June 2007 at 23:01
Right-click this link, choose "Save target (link) as..." and save it to your desktop.
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

Double-click the Navilog1 shortcut on the desktop and follow the prompts.
At the main menu, choose 4 and confirm.

The fix will ask you to enter the file name.
Enter what is in bold below and nothing else, then confirm:

kuoayjfg

The fix will ask you to enter it again; do so and confirm

The fix will inform you that it is going to restart your PC
Close all open windows and save your open personal documents
Press a key as requested.
(If your PC does not restart automatically, do it yourself)
When your PC restarts, choose your usual session.

Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report somewhere you can find it again
Close Notepad. Your desktop will reappear

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"
Type explorer and confirm. This will bring your desktop back
0