[Virus] Infected by various viruses and spyware

Resolved/Closed
seb057 Posts: 8 Registration date: Tuesday 31 July 2007 Status: Member Last activity: 3 August 2007 - 31 Jul 2007 at 15:37
green day Posts: 26371 Registration date: Friday 30 September 2005 Status: Moderator, Security contributor Last activity: 27 December 2019 - 3 Aug 2007 at 19:46
Hello,

My PC is infested with viruses, could you help me get rid of them?

Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 15:31:27, on 31/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\update\update.exe
C:\Documents and Settings\Sébastien\Bureau\VundoFix.exe
C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
c:\windows\$hf_mig$\KB890859\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - C:\WINDOWS\System32\efcayab.dll
O2 - BHO: (no name) - {D9861FF4-9DE7-4AB8-888B-89DBB06DA294} - C:\WINDOWS\System32\pmnll.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: sockspy.dll sockspy.dll
O20 - Winlogon Notify: efcayab - C:\WINDOWS\SYSTEM32\efcayab.dll
O20 - Winlogon Notify: pmnll - C:\WINDOWS\System32\pmnll.dll
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe


Thanks in advance

Sébastien

16 replies

green day Posts: 26371 Registration date: Friday 30 September 2005 Status: Moderator, Security contributor Last activity: 27 December 2019 2 162
31 Jul 2007 at 16:24
Hi

Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES.
* After clicking "YES", the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
* The report is located at C:\vundofix.txt; please post it.

++
0
seb057 Posts: 8 Registration date: Tuesday 31 July 2007 Status: Member Last activity: 3 August 2007
31 Jul 2007 at 16:28
Hi!

Here is the report:


VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 15:11:36 31/07/2007

Listing files found while scanning....

C:\WINDOWS\System32\llnmp.bak1
C:\WINDOWS\System32\llnmp.ini
C:\WINDOWS\System32\pmnll.dll

VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 16:17:30 31/07/2007

Listing files found while scanning....

C:\WINDOWS\System32\llnmp.bak1
C:\WINDOWS\System32\llnmp.ini
C:\WINDOWS\System32\pmnll.dll

Beginning removal...

Attempting to delete C:\WINDOWS\System32\llnmp.bak1
C:\WINDOWS\System32\llnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\llnmp.ini
C:\WINDOWS\System32\llnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\pmnll.dll
C:\WINDOWS\System32\pmnll.dll Has been deleted!

Performing Repairs to the registry.
Done!
0
green day Posts: 26371 Registration date: Friday 30 September 2005 Status: Moderator, Security contributor Last activity: 27 December 2019 2 162
31 Jul 2007 at 16:42
ok,

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Start in safe mode.
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan.
* The report will be created at C:\Combofix.txt; please post it.

++
0
seb057 Posts: 8 Registration date: Tuesday 31 July 2007 Status: Member Last activity: 3 August 2007
31 Jul 2007 at 16:57
Here is the new report:

ComboFix 07-07-30.2 - "S‚bastien" 2007-07-31 16:47:57.1 [GMT 2:00] - NTFS [SAFE MODE]
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.Vrai


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\mljjjhe.dll
C:\WINDOWS\system32\winmyy32.dll
C:\WINDOWS\system32\cbadd.bak1
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\efcayab.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\efcayab.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))


2007-07-31 16:52 <REP> d-------- C:\WINDOWS\system32\tmp00002374
2007-07-31 16:46 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-31 16:45 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-31 16:45 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
2007-07-31 16:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
2007-07-31 16:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-07-31 16:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles
2007-07-31 16:45 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-07-31 16:45 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-07-31 16:45 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-07-31 16:29 228,960 --------- C:\WINDOWS\system32\ddabc.dll
2007-07-31 16:18 <REP> d-------- C:\DOCUME~1\SBASTI~1\Contacts
2007-07-31 16:17 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-31 16:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-07-31 16:14 <REP> d-------- C:\Program Files\Windows Live
2007-07-31 16:13 <REP> d-------- C:\DOCUME~1\LOCALS~1\Menu D‚marrer
2007-07-31 16:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-07-31 16:10 <REP> d-------- C:\WINDOWS\Prefetch
2007-07-31 15:30 <REP> d-------- C:\Hijackthis
2007-07-31 15:20 <REP> d-------- C:\Program Files\messenger
2007-07-31 15:19 <REP> d-------- C:\WINDOWS\provisioning
2007-07-31 15:19 <REP> d-------- C:\WINDOWS\peernet
2007-07-31 15:16 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-07-31 15:11 <REP> d-------- C:\VundoFix Backups
2007-07-31 15:03 <REP> d-------- C:\WINDOWS\EHome
2007-07-31 14:49 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-07-31 14:49 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-07-31 14:35 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-07-31 14:17 <REP> d-------- C:\DOCUME~1\SBASTI~1\APPLIC~1\Thunderbird
2007-07-31 11:53 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-31 11:47 <REP> d-------- C:\Program Files\CCleaner
2007-07-31 11:38 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-07-31 11:38 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2007-07-31 11:38 332,800 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-07-31 11:36 88,576 --a------ C:\WINDOWS\system32\netsh.exe
2007-07-31 11:36 82,944 --a------ C:\WINDOWS\system32\ws2_32.dll
2007-07-31 11:36 59,904 --a------ C:\WINDOWS\system32\ipv6mon.dll
2007-07-31 11:36 53,760 --a------ C:\WINDOWS\system32\ipv6.exe
2007-07-31 11:36 33,280 --a------ C:\WINDOWS\system32\inetmib1.dll
2007-07-31 11:36 14,336 --a------ C:\WINDOWS\system32\wship6.dll
2007-07-31 11:36 12,416 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2007-07-31 11:36 100,352 --a------ C:\WINDOWS\system32\6to4svc.dll
2007-07-31 11:33 68,096 --a------ C:\WINDOWS\system32\webclnt.dll
2007-07-31 11:33 <REP> d--h----- C:\WINDOWS\PIF
2007-07-31 11:32 295,936 --a------ C:\WINDOWS\system32\kerberos.dll
2007-07-31 11:32 1,097,728 --a------ C:\WINDOWS\system32\esent.dll
2007-07-31 11:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-31 11:18 70,312 --a------ C:\Program Files\codec_setup.exe
2007-07-31 11:17 31,254 --------- C:\WINDOWS\system32\efcayab.dll
2007-07-31 11:15 <REP> d-------- C:\Program Files\PowerArchiver
2007-07-31 11:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ConeXware
2007-07-31 11:10 88,064 --a------ C:\WINDOWS\system32\fldrclnr.dll
2007-07-31 11:10 716,800 --a------ C:\WINDOWS\system32\sxs.dll
2007-07-31 11:10 197,632 --a------ C:\WINDOWS\system32\netman.dll
2007-07-31 11:09 124,928 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2007-07-31 10:54 <REP> d-------- C:\Program Files\MSI
2007-07-31 09:26 <REP> d-------- C:\Program Files\fde
2007-07-31 09:18 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2007-07-31 09:18 <REP> d-------- C:\Program Files\SBox FreeWare
2007-07-31 09:14 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-07-31 09:14 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-07-31 09:14 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-07-31 09:13 <REP> d-------- C:\WINDOWS\system32\bits
2007-07-31 09:04 14 --a------ C:\DOCUME~1\SBASTI~1\getfile.dat
2007-07-31 09:00 <REP> d---s---- C:\DOCUME~1\SBASTI~1\UserData
2007-07-31 08:56 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-07-31 08:56 75,264 --a------ C:\WINDOWS\system32\olecli32.dll
2007-07-31 08:56 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-07-31 08:56 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-07-31 08:56 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-07-31 08:56 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-07-31 08:56 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe
2007-07-31 08:56 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-07-31 08:56 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2007-07-31 08:56 388,096 --a------ C:\WINDOWS\system32\ipsmsnap.dll
2007-07-31 08:56 361,472 --a------ C:\WINDOWS\system32\ipsecsnp.dll
2007-07-31 08:56 32,768 --a------ C:\WINDOWS\system32\winipsec.dll
2007-07-31 08:56 267,776 --a------ C:\WINDOWS\system32\oakley.dll
2007-07-31 08:56 243,200 --a------ C:\WINDOWS\system32\es.dll
2007-07-31 08:56 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-07-31 08:56 19,968 --a------ C:\WINDOWS\system32\linkinfo.dll
2007-07-31 08:56 184,320 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2007-07-31 08:56 106,496 --a------ C:\WINDOWS\system32\polstore.dll
2007-07-31 08:56 1,284,608 --a------ C:\WINDOWS\system32\ole32.dll
2007-07-31 08:56 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-07-30 16:55 <REP> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-07-30 16:55 <REP> dr--s---- C:\WINDOWS\Fonts
2007-07-30 16:55 <REP> dr------- C:\WINDOWS\Web
2007-07-30 16:55 <REP> d--h----- C:\WINDOWS\inf
2007-07-30 16:55 <REP> d-------- C:\WINDOWS\WinSxS
2007-07-30 16:55 <REP> d-------- C:\WINDOWS\twain_32
2007-07-30 16:55 <REP> d-------- C:\WINDOWS\system32\wins
2007-07-30 16:55 <REP> d-------- C:\WINDOWS\system32\wbem
2007-07-30 16:55 <REP> d-------- C:\WINDOWS\system32\usmt
2007-07-30 16:55 <REP> d-------- C:\WINDOWS\system32\spool
2007-07-30 16:55 <REP> d-------- C:\WINDOWS\system32\ShellExt
2007-07-30 16:55 <REP> d-------- C:\WINDOWS\system32\Setup
2007-07-30 16:55 <REP> d-------- C:\WINDOWS\system32\ras
2007-07-30 16:55 <REP> d-------- C:\WINDOWS\system32\oobe
2007-07-30 16:55 <REP> d-------- C:\WINDOWS\system32\npp


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-31 16:14 48616 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-07-31 16:14 367658 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-05-17 13:09 51568 --a------ C:\WINDOWS\system32\sirenacm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A4A2D56-931A-4733-9121-033A2D95A274}]
2007-07-31 11:17 31254 --------- C:\WINDOWS\system32\efcayab.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E3EE9C5-9693-4D16-9D96-605553655492}]
C:\WINDOWS\System32\pmnll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB24D500-CCCF-472D-8D7B-0C183F1F4416}]
2007-07-31 16:29 228960 --------- C:\WINDOWS\system32\ddabc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-31 21:05]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-07-30 15:48]
"BDSwitchAgent"="C:\Program Files\Softwin\BitDefender8\\bdswitch.exe" [2007-07-30 15:48]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2007-07-30 15:48]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-05-17 13:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5A4A2D56-931A-4733-9121-033A2D95A274}"= C:\WINDOWS\system32\efcayab.dll [2007-07-31 11:17 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabc]
C:\WINDOWS\system32\ddabc.dll 2007-07-31 16:29 228960 C:\WINDOWS\system32\ddabc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcayab]
efcayab.dll 2007-07-31 11:17 31254 C:\WINDOWS\system32\efcayab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= sockspy.dll sockspy.dll sockspy.dll

R2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender8\filespy.sys
R2 REGSpy;REGSpy;\??\C:\Program Files\Softwin\BitDefender8\regspy.sys
R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 16:54:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-31 16:56:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-31 16:56

--- E O F ---
0

green day Posts: 26371 Registration date: Friday 30 September 2005 Status: Moderator, Security contributor Last activity: 27 December 2019 2 162
31 Jul 2007 at 17:03
ok, please post a new HijackThis log

++
0
seb057 Posts: 8 Registration date: Tuesday 31 July 2007 Status: Member Last activity: 3 August 2007
31 Jul 2007 at 17:05
Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 17:05:19, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - C:\WINDOWS\system32\efcayab.dll
O2 - BHO: (no name) - {7E3EE9C5-9693-4D16-9D96-605553655492} - C:\WINDOWS\System32\pmnll.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ucjgvwao.dll
O2 - BHO: (no name) - {CB24D500-CCCF-472D-8D7B-0C183F1F4416} - C:\WINDOWS\system32\ddabc.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll
O20 - Winlogon Notify: efcayab - C:\WINDOWS\SYSTEM32\efcayab.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
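As an added triage example (written for this edit; it is not code from the thread, nor from HijackThis, VundoFix, ComboFix or VirtumundoBeGone): the two HijackThis logs above show the persistence pattern that the tools in this thread hunt for, namely a BHO listed as "(no name)" whose DLL is also registered as a Winlogon Notify package (efcayab.dll, ddabc.dll), a DLL pushed into every process through AppInit_DLLs (sockspy.dll), and a Notify DLL with no BHO twin (winmyy32.dll in the first log). The script below scans log lines of that shape and correlates them. The function names, severity labels and the sample lines are constructed for illustration; the sample lines are taken from entries that appear in this thread's logs, including Spybot's SDHelper.dll, a legitimate unnamed BHO, to show that "(no name)" on its own is only a weak signal.

```python
"""Correlate HijackThis O2 / O20 entries to surface a Vundo-style persistence pattern.

Added example, not part of the original thread. Names and labels are assumptions
made for this illustration.
"""
import re

# Sample log lines constructed from entries seen in this thread's HijackThis logs.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - C:\WINDOWS\system32\efcayab.dll
O2 - BHO: (no name) - {7E3EE9C5-9693-4D16-9D96-605553655492} - C:\WINDOWS\System32\pmnll.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CB24D500-CCCF-472D-8D7B-0C183F1F4416} - C:\WINDOWS\system32\ddabc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll
O20 - Winlogon Notify: efcayab - C:\WINDOWS\SYSTEM32\efcayab.dll
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# Line shapes used by HijackThis 1.99 for the three entry types we care about.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")

# Reason strings (constructed labels, not HijackThis output).
R_BHO_NOTIFY = "unnamed BHO also loaded by winlogon via Winlogon Notify"
R_BHO_ONLY = "unnamed BHO (weak signal alone: some legitimate tools register unnamed BHOs)"
R_NOTIFY_ONLY = "Winlogon Notify DLL with no matching BHO"
R_APPINIT = "DLL injected into every user-mode process via AppInit_DLLs"


def dll_basename(path: str) -> str:
    """Lower-cased file name of a logged path, with the '(file missing)' marker removed."""
    path = path.replace("(file missing)", "").strip()
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list:
    """Return (severity, dll, reason) tuples for suspicious O2/O20 entries in the log."""
    unnamed_bhos = {}  # dll basename -> original line
    notify = {}        # dll basename -> original line
    appinit = set()

    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # A BHO with no DLL on disk cannot run; skip it rather than flag "(no file)".
            if m.group("name") == "(no name)" and m.group("path").strip() != "(no file)":
                unnamed_bhos[dll_basename(m.group("path"))] = line
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[dll_basename(m.group("path"))] = line
            continue
        m = APPINIT_RE.match(line)
        if m:
            appinit.update(d.lower() for d in m.group("dlls").split())

    findings = []
    for dll in unnamed_bhos:
        # The same DLL hooked into both IE and winlogon is the strongest indicator here.
        if dll in notify:
            findings.append(("HIGH", dll, R_BHO_NOTIFY))
        else:
            findings.append(("MEDIUM", dll, R_BHO_ONLY))
    for dll in notify:
        if dll not in unnamed_bhos:
            findings.append(("MEDIUM", dll, R_NOTIFY_ONLY))
    for dll in sorted(appinit):
        findings.append(("MEDIUM", dll, R_APPINIT))
    return findings


if __name__ == "__main__":
    for severity, dll, reason in triage(SAMPLE_LOG):
        print(f"{severity:6} {dll:16} {reason}")
```

On the constructed sample this reports efcayab.dll and ddabc.dll as HIGH, pmnll.dll and sdhelper.dll as MEDIUM unnamed BHOs, winmyy32.dll as a Notify-only DLL and sockspy.dll once for AppInit_DLLs. The point of the correlation is the one VundoFix and VirtumundoBeGone rely on: a random-looking DLL in system32 reachable from both the browser and winlogon is worth quarantining, whereas an unnamed BHO from a known publisher is only something to verify.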
green day Posts: 26371 Registration date: Friday 30 September 2005 Status: Moderator, Security contributor Last activity: 27 December 2019 2 162
31 Jul 2007 at 17:08
ok,

Download VirtumundoBegone to the desktop: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe


Double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart the PC; the report VBG.TXT will be created on the desktop. Please post it, together with a new HijackThis log.
(If a blue screen "Fatal error" message appears, don't worry: it is normal and expected.)

++
0
Hello everyone,
Not being an aficionado of disinfection procedures, I am taking the liberty of asking you for help.
Indeed, I was informed by avast that my computer was infected by a trojan of the Win32 Agent type.
I thought avast had managed to remove it, but apparently that is not the case, since I have had new alert messages.
So I downloaded HijackThis to be able to clean the infected files, but as you know this software is not very explicit and requires some learning to detect the dangerous files.
I tried to manage on my own by looking up the classifications of the logs, but I am afraid of damaging files.
Could you explain the scan results to me, or at least point me to a program that can tell me clearly which files I need to fix?
Thanks in advance for your help.

Attached is the scan report:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [Cobian Backup 6] "C:\Program Files\Cobian Backup 6\CobBU.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [OBSWATCH] C:\PROGRA~1\OrangeBs\Watch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSMSGNER] C:\WINDOWS\system32\a.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSN] msnmsgr.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97AEA73F-7A69-401C-8806-3131AB46633D}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
green day, 26371 posts, registered Friday 30 September 2005, status: Moderator, Security contributor, last active 27 December 2019, 2 162
31 July 2007 at 17:25
Hi Olivier

Since this thread is in progress, please open your own ;-)

http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

++
seb057, 8 posts, registered Tuesday 31 July 2007, status: Member, last active 3 August 2007
31 July 2007 at 17:24
Here they are

VirtumundoBegone:
[07/31/2007, 17:17:55] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Sébastien\Bureau\VirtumundoBeGone.exe" )
[07/31/2007, 17:18:06] - Detected System Information:
[07/31/2007, 17:18:06] - Windows Version: 5.1.2600, Service Pack 2
[07/31/2007, 17:18:06] - Current Username: Sébastien (Admin)
[07/31/2007, 17:18:06] - Windows is in NORMAL mode.
[07/31/2007, 17:18:06] - Searching for Browser Helper Objects:
[07/31/2007, 17:18:06] - BHO 1: {5A4A2D56-931A-4733-9121-033A2D95A274} ()
[07/31/2007, 17:18:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:06] - Checking for HKLM\...\Winlogon\Notify\efcayab
[07/31/2007, 17:18:06] - Found: HKLM\...\Winlogon\Notify\efcayab - This is probably Virtumundo.
[07/31/2007, 17:18:06] - Assigning {5A4A2D56-931A-4733-9121-033A2D95A274} MSEvents Object
[07/31/2007, 17:18:06] - BHO list has been changed! Starting over...
[07/31/2007, 17:18:06] - BHO 1: {5A4A2D56-931A-4733-9121-033A2D95A274} (MSEvents Object)
[07/31/2007, 17:18:06] - ALERT: Found MSEvents Object!
[07/31/2007, 17:18:06] - BHO 2: {7E3EE9C5-9693-4D16-9D96-605553655492} ()
[07/31/2007, 17:18:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:06] - Checking for HKLM\...\Winlogon\Notify\pmnll
[07/31/2007, 17:18:06] - Key not found: HKLM\...\Winlogon\Notify\pmnll, continuing.
[07/31/2007, 17:18:06] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 17:18:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:06] - No filename found. Continuing.
[07/31/2007, 17:18:06] - BHO 4: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 17:18:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:06] - Checking for HKLM\...\Winlogon\Notify\ucjgvwao
[07/31/2007, 17:18:06] - Key not found: HKLM\...\Winlogon\Notify\ucjgvwao, continuing.
[07/31/2007, 17:18:06] - BHO 5: {CB24D500-CCCF-472D-8D7B-0C183F1F4416} ()
[07/31/2007, 17:18:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:06] - Checking for HKLM\...\Winlogon\Notify\ddabc
[07/31/2007, 17:18:06] - Found: HKLM\...\Winlogon\Notify\ddabc - This is probably Virtumundo.
[07/31/2007, 17:18:06] - Assigning {CB24D500-CCCF-472D-8D7B-0C183F1F4416} MSEvents Object
[07/31/2007, 17:18:06] - BHO list has been changed! Starting over...
[07/31/2007, 17:18:06] - BHO 1: {5A4A2D56-931A-4733-9121-033A2D95A274} (MSEvents Object)
[07/31/2007, 17:18:06] - ALERT: Found MSEvents Object!
[07/31/2007, 17:18:06] - BHO 2: {7E3EE9C5-9693-4D16-9D96-605553655492} ()
[07/31/2007, 17:18:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:06] - Checking for HKLM\...\Winlogon\Notify\pmnll
[07/31/2007, 17:18:06] - Key not found: HKLM\...\Winlogon\Notify\pmnll, continuing.
[07/31/2007, 17:18:06] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 17:18:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:06] - No filename found. Continuing.
[07/31/2007, 17:18:06] - BHO 4: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 17:18:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:06] - Checking for HKLM\...\Winlogon\Notify\ucjgvwao
[07/31/2007, 17:18:06] - Key not found: HKLM\...\Winlogon\Notify\ucjgvwao, continuing.
[07/31/2007, 17:18:06] - BHO 5: {CB24D500-CCCF-472D-8D7B-0C183F1F4416} (MSEvents Object)
[07/31/2007, 17:18:06] - ALERT: Found MSEvents Object!
[07/31/2007, 17:18:06] - Finished Searching Browser Helper Objects
[07/31/2007, 17:18:06] - *** Detected MSEvents Object
[07/31/2007, 17:18:06] - Trying to remove MSEvents Object...
[07/31/2007, 17:18:07] - Terminating Process: IEXPLORE.EXE
[07/31/2007, 17:18:08] - Terminating Process: RUNDLL32.EXE
[07/31/2007, 17:18:08] - Disabling Automatic Shell Restart
[07/31/2007, 17:18:08] - Terminating Process: EXPLORER.EXE
[07/31/2007, 17:18:08] - Suspending the NT Session Manager System Service
[07/31/2007, 17:18:08] - Terminating Windows NT Logon/Logoff Manager
[07/31/2007, 17:18:09] - Re-enabling Automatic Shell Restart
[07/31/2007, 17:18:09] - File to disable: C:\WINDOWS\system32\efcayab.dll
[07/31/2007, 17:18:09] - Renaming C:\WINDOWS\system32\efcayab.dll -> C:\WINDOWS\system32\efcayab.dll.vir
[07/31/2007, 17:18:09] - ! File rename was unsucessful.
[07/31/2007, 17:18:09] - Attempting to Deny Access to C:\WINDOWS\system32\efcayab.dll
[07/31/2007, 17:18:09] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[07/31/2007, 17:18:09] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[07/31/2007, 17:18:09] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[07/31/2007, 17:18:09] - Removing HKLM\...\Browser Helper Objects\{5A4A2D56-931A-4733-9121-033A2D95A274}
[07/31/2007, 17:18:09] - Removing HKCR\CLSID\{5A4A2D56-931A-4733-9121-033A2D95A274}
[07/31/2007, 17:18:09] - Adding Kill Bit for ActiveX for GUID: {5A4A2D56-931A-4733-9121-033A2D95A274}
[07/31/2007, 17:18:09] - Deleting ATLEvents/MSEvents Registry entries
[07/31/2007, 17:18:09] - Removing HKLM\...\Winlogon\Notify\efcayab
[07/31/2007, 17:18:09] - Searching for Browser Helper Objects:
[07/31/2007, 17:18:09] - BHO 1: {7E3EE9C5-9693-4D16-9D96-605553655492} ()
[07/31/2007, 17:18:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:09] - Checking for HKLM\...\Winlogon\Notify\pmnll
[07/31/2007, 17:18:09] - Key not found: HKLM\...\Winlogon\Notify\pmnll, continuing.
[07/31/2007, 17:18:09] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 17:18:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:09] - No filename found. Continuing.
[07/31/2007, 17:18:09] - BHO 3: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 17:18:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:09] - Checking for HKLM\...\Winlogon\Notify\ucjgvwao
[07/31/2007, 17:18:09] - Key not found: HKLM\...\Winlogon\Notify\ucjgvwao, continuing.
[07/31/2007, 17:18:09] - BHO 4: {CB24D500-CCCF-472D-8D7B-0C183F1F4416} (MSEvents Object)
[07/31/2007, 17:18:09] - ALERT: Found MSEvents Object!
[07/31/2007, 17:18:09] - Finished Searching Browser Helper Objects
[07/31/2007, 17:18:09] - *** Detected MSEvents Object
[07/31/2007, 17:18:09] - Trying to remove MSEvents Object...
[07/31/2007, 17:18:10] - Terminating Process: IEXPLORE.EXE
[07/31/2007, 17:18:10] - Terminating Process: RUNDLL32.EXE
[07/31/2007, 17:18:10] - Disabling Automatic Shell Restart
[07/31/2007, 17:18:10] - Terminating Process: EXPLORER.EXE
[07/31/2007, 17:18:10] - Suspending the NT Session Manager System Service
[07/31/2007, 17:18:11] - Terminating Windows NT Logon/Logoff Manager
[07/31/2007, 17:18:11] - Re-enabling Automatic Shell Restart
[07/31/2007, 17:18:11] - File to disable: C:\WINDOWS\system32\ddabc.dll
[07/31/2007, 17:18:11] - Renaming C:\WINDOWS\system32\ddabc.dll -> C:\WINDOWS\system32\ddabc.dll.vir
[07/31/2007, 17:18:11] - ! File rename was unsucessful.
[07/31/2007, 17:18:11] - Attempting to Deny Access to C:\WINDOWS\system32\ddabc.dll
[07/31/2007, 17:18:11] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[07/31/2007, 17:18:11] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[07/31/2007, 17:18:11] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[07/31/2007, 17:18:11] - Removing HKLM\...\Browser Helper Objects\{CB24D500-CCCF-472D-8D7B-0C183F1F4416}
[07/31/2007, 17:18:11] - Removing HKCR\CLSID\{CB24D500-CCCF-472D-8D7B-0C183F1F4416}
[07/31/2007, 17:18:11] - Adding Kill Bit for ActiveX for GUID: {CB24D500-CCCF-472D-8D7B-0C183F1F4416}
[07/31/2007, 17:18:11] - Deleting ATLEvents/MSEvents Registry entries
[07/31/2007, 17:18:11] - Removing HKLM\...\Winlogon\Notify\ddabc
[07/31/2007, 17:18:11] - Searching for Browser Helper Objects:
[07/31/2007, 17:18:11] - BHO 1: {7E3EE9C5-9693-4D16-9D96-605553655492} ()
[07/31/2007, 17:18:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:11] - Checking for HKLM\...\Winlogon\Notify\pmnll
[07/31/2007, 17:18:11] - Key not found: HKLM\...\Winlogon\Notify\pmnll, continuing.
[07/31/2007, 17:18:11] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 17:18:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:11] - No filename found. Continuing.
[07/31/2007, 17:18:11] - BHO 3: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 17:18:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 17:18:11] - Checking for HKLM\...\Winlogon\Notify\ucjgvwao
[07/31/2007, 17:18:11] - Key not found: HKLM\...\Winlogon\Notify\ucjgvwao, continuing.
[07/31/2007, 17:18:11] - Finished Searching Browser Helper Objects
[07/31/2007, 17:18:11] - Finishing up...
[07/31/2007, 17:18:11] - A restart is needed.
[07/31/2007, 17:18:11] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/31/2007, 17:18:16] - Attempting to Restart via STOP error (Blue Screen!)


HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 17:23:44, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E3EE9C5-9693-4D16-9D96-605553655492} - C:\WINDOWS\System32\pmnll.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ucjgvwao.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
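As an added example (my own code, not part of the thread and not a HijackThis feature), here is a small Python triage pass over the kind of O2/O20/O23 lines in the log above. It encodes the checks a helper does by eye: BHOs registered with no name or pointing at a missing file, a populated AppInit_DLLs value (the named DLL is loaded into every process that links user32.dll, which is why it deserves review on its own), services with no company name, and the random-looking 5-8 letter DLL names used by the Vundo entries in this thread (pmnll, ucjgvwao). The sample lines are copied from the posted log; the name-pattern rule is a heuristic of mine, labelled as such in the output.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in the
# thread, with one clean O4 and one clean O23 entry as controls.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E3EE9C5-9693-4D16-9D96-605553655492} - C:\WINDOWS\System32\pmnll.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ucjgvwao.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
"""

# A HijackThis item: section code ("O2", "O23", "R0", ...), " - ", body.
ITEM_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# Heuristic (my own, not a HijackThis rule): 5-8 lowercase letters before
# ".dll" is the naming pattern of the Vundo DLLs seen in this thread.
RANDOM_DLL_RE = re.compile(r"(?<![A-Za-z0-9])([a-z]{5,8})\.dll(?![A-Za-z0-9])")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def check_line(section: str, body: str) -> list:
    """Return the review reasons for one HijackThis item (empty if none)."""
    reasons = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("referenced file is missing (orphaned entry)")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("BHO registered without a name")
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = sorted(set(body.split(":", 1)[1].split()))
        if dlls:
            reasons.append("AppInit_DLLs loads into every process: " + ", ".join(dlls))
    if section == "O23" and " - Unknown owner - " in body:
        reasons.append("service binary has no company name")
    if section == "O2":
        m = RANDOM_DLL_RE.search(body)
        if m:
            reasons.append(f"random-looking DLL name '{m.group(1)}.dll' (heuristic)")
    return reasons


def triage(log_text: str) -> list:
    """Walk a HijackThis log and collect the items that deserve a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        section, body = m.groups()
        reasons = check_line(section, body)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def report(findings: list) -> str:
    """Render findings as an indented text report."""
    out = []
    for f in findings:
        out.append(f"[{f.section}] {f.line}")
        out.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the sample above the O4 SoundMAX entry and the signed BitDefender service produce nothing, while the three unnamed BHOs, the AppInit_DLLs value and the orphaned "Unknown owner" service are listed with their reasons; the point is to make the reviewer's criteria explicit and repeatable, not to replace the judgement of the person reading the log.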
green day, 26371 posts, registered Friday 30 September 2005, status: Moderator, Security contributor, last active 27 December 2019, 2 162
31 July 2007 at 17:29
OK,

Download l2mfix.exe from http://www.downloads.subratam.org/l2mfix.exe


- Disconnect from the Internet and close the browser and all other application windows;
- Unzip l2mfix.exe onto the desktop;
- In the program folder, double-click l2mfix.bat;
- Choose OPTION 1 (Run find log) and confirm with the [Enter] key;
=> A report will open in Notepad; reconnect and post it to the forum.

++
seb057, 8 posts, registered Tuesday 31 July 2007, status: Member, last active 3 August 2007
31 July 2007 at 17:37
L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v7"
"{0286030B-070D-11D3-B35B-00805F010AA5}"="SBoxLight20.ShIco"
"{02860309-070D-11D3-B35B-00805F010AA5}"="SBoxLight20.ShDropIco"
"{02860308-070D-11D3-B35B-00805F010AA5}"="SBoxLight20.ShCtxMnu"
"{0286030C-070D-11D3-B35B-00805F010AA5}"="SBoxLight20.ShPropSheet"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
efcayab.dll Tue 31 Jul 2007 11:17:40 ..... 31 254 30,52 K
rvkfdrlg.dll Tue 31 Jul 2007 17:01:34 A.... 125 504 122,56 K
sirenacm.dll Thu 17 May 2007 13:09:54 A.... 51 568 50,36 K
sockspy.dll Mon 30 Jul 2007 15:48:42 A.... 61 440 60,00 K
ucjgvwao.dll Tue 31 Jul 2007 16:58:34 A.... 69 184 67,56 K
wbhelp2.dll Mon 11 Jun 2007 18:32:00 A.... 56 360 55,04 K

6 items found: 6 files, 0 directories.
Total of file sizes: 395 310 bytes 386,04 K
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7CB1-B63C

Répertoire de C:\WINDOWS\System32

31/07/2007 17:18 739 486 cbadd.ini
31/07/2007 17:01 1 176 615 glrdfkvr.ini
31/07/2007 16:09 <REP> dllcache
30/07/2007 15:30 <REP> Microsoft
2 fichier(s) 1 916 101 octets
2 Rép(s) 42 333 282 304 octets libres
green day Posts: 26371 Registration date: Friday 30 September 2005 Status: Moderator, security contributor Last seen: 27 December 2019
31 Jul 2007 at 17:42
ok,

Disconnect from the internet and close the browser and every other application window;
- Double-click l2mfix.bat;
- Choose OPTION 2 (Run fix) and confirm with the [Enter] key;
- At the prompt, press any key to restart the PC;
=> On restart the L2mFix cleanup continues, then it opens the cleanup result in Notepad; reconnect to post it to the forum.


then do what is described here please:

virus methode preliminaire de desinfection version fr

++
seb057 Posts: 8 Registration date: Tuesday 31 July 2007 Status: Member Last seen: 3 August 2007
1 Aug 2007 at 11:27
Hello,

Here are the 3 reports:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 10:42:22 01/08/2007

+ Résultat de l'analyse:



:mozilla.18:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.19:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.20:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.10:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.233:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.59:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.9:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.79:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.80:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.228:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.11:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.113:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.121:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Com : Nettoyé.
:mozilla.92:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.93:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.94:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.21:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.136:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.229:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.230:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.231:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.232:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.159:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.160:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.161:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.118:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.44:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.45:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.60:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Paypal : Nettoyé.
:mozilla.212:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.213:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.214:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.215:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.216:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.217:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.39:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.40:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.41:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.55:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé.
:mozilla.56:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé.
:mozilla.57:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé.
:mozilla.58:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé.
:mozilla.222:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.38:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.42:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.43:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.220:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\w5oyfynm.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.


Fin du rapport


BitDefender Online Scanner

Rapport d'analyse généré à: Wed, Aug 01, 2007 - 11:21:24

Voie d'analyse: C:\;D:\;E:\;F:\;

Statistiques
Temps: 00:24:27
Fichiers: 72806
Directoires: 2488
Secteurs de boot: 6
Archives: 1079
Paquets programmes: 3424

Résultats
Virus identifiés: 3
Fichiers infectés: 3
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 3

Info sur les moteurs
Définition virus: 642130
Version des moteurs: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 6
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
C:\Program Files\codec_setup.exe=>(NSIS o)=>lzma_solid_nsis0006 | Infecté par: Trojan.Downloader.Zlob.AAEE
C:\Program Files\codec_setup.exe=>(NSIS o)=>lzma_solid_nsis0006 | Echec de la désinfection
C:\Program Files\codec_setup.exe=>(NSIS o)=>lzma_solid_nsis0006 | Supprimé
C:\Program Files\codec_setup.exe=>(NSIS o) | Echec de la mise à jour
C:\Program Files\fde\old\003.part=>Setup.exe | Infecté par: Win32.Worm.P2P.Puce.G
C:\Program Files\fde\old\003.part=>Setup.exe | Echec de la désinfection
C:\Program Files\fde\old\003.part=>Setup.exe | Supprimé
C:\Program Files\fde\old\003.part | Mis à jour
C:\System Volume Information\_restore{E90B93F3-AE7D-4EF9-A6B2-6C1A3B11A598}\RP123\A0008456.dll | Détecté avec: Adware.Virtumonde.GFZ
C:\System Volume Information\_restore{E90B93F3-AE7D-4EF9-A6B2-6C1A3B11A598}\RP123\A0008456.dll | Echec de la désinfection
C:\System Volume Information\_restore{E90B93F3-AE7D-4EF9-A6B2-6C1A3B11A598}\RP123\A0008456.dll | Supprimé


Logfile of HijackThis v1.99.1
Scan saved at 11:26:42, on 01/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E3EE9C5-9693-4D16-9D96-605553655492} - C:\WINDOWS\System32\pmnll.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
green day Posts: 26371 Registration date: Friday 30 September 2005 Status: Moderator, security contributor Last seen: 27 December 2019
1 Aug 2007 at 17:48
Hi

ok, where do things stand with your problems??

++
seb057 Posts: 8 Registration date: Tuesday 31 July 2007 Status: Member Last seen: 3 August 2007
3 Aug 2007 at 17:31
Hi,

I ran another BitDefender online scan; it did not detect any viruses.
Everything looks ok.

Thanks a lot
green day Posts: 26371 Registration date: Friday 30 September 2005 Status: Moderator, security contributor Last seen: 27 December 2019
3 Aug 2007 at 19:46
Hi

ok,

one last detail:

Run HijackThis again: choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:


O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll


and install a firewall!!!

see here: securite proteger un ordinateur contre les malwares d internet

@+

;-))
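The three entry types that mattered in this thread (the non-empty `O20 - AppInit_DLLs` line the helper asks to fix, the `(no name)` BHOs whose DLL is gone, and `O23` services with an unknown owner and a missing binary) are easy to pick out of a HijackThis log mechanically. The script below is an added example, not code from the thread, from HijackThis or from any tool it mentions; the function and class names are my own, and the log it reads is a constructed sample assembled from lines of the kind seb057 posted, not a real capture.

```python
"""Triage HijackThis 1.99.x log lines for the persistence entries this thread acted on.

Added example: not code from the thread, from HijackThis or from the tools it mentions.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample log (lines of the kind seb057 posted), not a real capture.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E3EE9C5-9693-4D16-9D96-605553655492} - C:\WINDOWS\System32\pmnll.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O20 - AppInit_DLLs: ..." -> section "O20", body "AppInit_DLLs: ..."
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    detail: str    # why an analyst should look at this entry
    line: str      # the log line exactly as posted


def parse_entries(log: str) -> List[Tuple[str, str, str]]:
    """Return (section, body, full_line) for every 'Onn - ...' line; other lines are skipped."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), line))
    return entries


def appinit_dlls(body: str) -> List[str]:
    """DLL names from an 'AppInit_DLLs: a.dll b.dll' body, lower-cased, duplicates collapsed.

    The log in this thread shows the same name repeated four times, so repeats are folded
    so that one DLL is reported once.
    """
    _, _, value = body.partition(":")
    names: List[str] = []
    for name in value.split():
        if name.lower() not in names:
            names.append(name.lower())
    return names


def triage(log: str) -> List[Finding]:
    """Flag the entry types that the thread's helper acted on, in log order."""
    findings: List[Finding] = []
    for section, body, line in parse_entries(log):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = appinit_dlls(body)
            if dlls:  # an empty AppInit_DLLs value is the normal state on Windows XP
                findings.append(Finding(section, "AppInit_DLLs is non-empty: " + ", ".join(dlls)
                                        + " is loaded into every process that links user32.dll", line))
        elif section == "O2" and body.startswith("BHO:"):
            dll_absent = "(file missing)" in body or "(no file)" in body
            if "(no name)" in body and dll_absent:
                clsid = CLSID_RE.search(body)
                findings.append(Finding(section, "orphaned BHO registration "
                                        + (clsid.group(0) if clsid else "<no CLSID>")
                                        + ": no name and the DLL is absent, a dangling registry reference", line))
        elif section == "O23" and "Unknown owner" in body and "(file missing)" in body:
            findings.append(Finding(section, "service with unknown owner and missing binary: "
                                    "confirm on disk before acting on it", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.detail}\n    {f.line}")
```

The O23 rule is deliberately a prompt rather than a verdict: in the second log above, two avast! services are reported as "Unknown owner" with "(file missing)" even though their executables (ashMaiSv.exe, ashWebSv.exe) appear in the running-process list of the same scan, so a "(file missing)" on a quoted service path has to be checked on disk before anything is fixed.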