biddle's

Everything posted by biddle's

  1. Hi Styx, I think we're on the right track; there are no more pop-ups for now. Here is the report.
  2. Here I am again, and here is my report again.
  3. Hi Styx, this virus is one hell of a job. Here is the report.
  4. Good evening, here is the Navilog report.
  5. Hi Styx! I'm back, so to start with, here is the online scan. Followed by the VundoFix (which I ran 3 times). Thanks for replying. Now windows open even when my browser is closed.
  6. Thanks for replying, Styx. You didn't tell me whether you needed the scan in safe mode or not, so I'm sending you both scans, the first in normal mode and the second in safe mode. Hoping this will be useful to you.
  7. Hello everyone, I am currently infected by the !@#$? smitfraud-c toolbar888, and I can see that I really need help with it. Is there anyone who can help me, please? It would be much appreciated. Thanks.