Posts by am013
-
Good evening Lien Rag,
Here is the report I get:
LoadLibrary failed for C:\WINDOWS\SYSTEM32\tuvvutq.dll
C:\WINDOWS\SYSTEM32\tuvvutq.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\tuvvutq.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\vturo.dll scheduled to be moved on reboot.
Created on 08/02/2007 00:29:05

-
please check C:\WINDOWS\system32\vturo.dll
1) Click "Distribute" once to get a red line across the icon:
2) Then click the "Browse..." button to pick the file to scan, in bold:
C:\WINDOWS\system32\vturo.dll
3) Finally, click "Send" to have the file analysed. Let it run.
4) At the end, copy and paste the report into a reply.
Here is the response I get :s
0 bytes size received / Se ha recibido un archivo vacio
-
And the latest HijackThis.
Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 20:24:19, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Admin\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07E28EC0-23EA-4541-84E1-D4EFE6E2CB9C} - C:\WINDOWS\system32\vturo.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {1CF8C455-6664-4BEE-BBB1-238F26D90EBF} - C:\WINDOWS\system32\geebc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92656D96-3403-4246-80A9-F589A4BA5509} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: (no name) - {B61D26B7-E69D-431E-95A9-2BCA55D1FDAA} - C:\WINDOWS\system32\ssttu.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\tuvvutq.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [bDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?921f74258d18415387940328e3e1ba25
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?921f74258d18415387940328e3e1ba25
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: tuvvutq - C:\WINDOWS\SYSTEM32\tuvvutq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
-
Here is the Virtumundo report:
[07/31/2007, 20:18:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Admin\Bureau\VirtumundoBeGone.exe" )
[07/31/2007, 20:18:07] - Detected System Information:
[07/31/2007, 20:18:07] - Windows Version: 5.1.2600, Service Pack 2
[07/31/2007, 20:18:07] - Current Username: Admin (Admin)
[07/31/2007, 20:18:07] - Windows is in NORMAL mode.
[07/31/2007, 20:18:07] - Searching for Browser Helper Objects:
[07/31/2007, 20:18:07] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/31/2007, 20:18:07] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 20:18:07] - BHO 3: {07E28EC0-23EA-4541-84E1-D4EFE6E2CB9C} ()
[07/31/2007, 20:18:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:07] - Checking for HKLM\...\Winlogon\Notify\vturo
[07/31/2007, 20:18:07] - Key not found: HKLM\...\Winlogon\Notify\vturo, continuing.
[07/31/2007, 20:18:07] - BHO 4: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[07/31/2007, 20:18:07] - BHO 5: {1CF8C455-6664-4BEE-BBB1-238F26D90EBF} ()
[07/31/2007, 20:18:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:07] - Checking for HKLM\...\Winlogon\Notify\geebc
[07/31/2007, 20:18:07] - Key not found: HKLM\...\Winlogon\Notify\geebc, continuing.
[07/31/2007, 20:18:07] - BHO 6: {1FB63E52-4D6E-48C1-A08F-F630FE50F337} ()
[07/31/2007, 20:18:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:07] - Checking for HKLM\...\Winlogon\Notify\jkkkhhf
[07/31/2007, 20:18:07] - Found: HKLM\...\Winlogon\Notify\jkkkhhf - This is probably Virtumundo.
[07/31/2007, 20:18:07] - Assigning {1FB63E52-4D6E-48C1-A08F-F630FE50F337} MSEvents Object
[07/31/2007, 20:18:07] - BHO list has been changed! Starting over...
[07/31/2007, 20:18:07] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/31/2007, 20:18:07] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 20:18:07] - BHO 3: {07E28EC0-23EA-4541-84E1-D4EFE6E2CB9C} ()
[07/31/2007, 20:18:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:07] - Checking for HKLM\...\Winlogon\Notify\vturo
[07/31/2007, 20:18:07] - Key not found: HKLM\...\Winlogon\Notify\vturo, continuing.
[07/31/2007, 20:18:07] - BHO 4: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[07/31/2007, 20:18:07] - BHO 5: {1CF8C455-6664-4BEE-BBB1-238F26D90EBF} ()
[07/31/2007, 20:18:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:07] - Checking for HKLM\...\Winlogon\Notify\geebc
[07/31/2007, 20:18:07] - Key not found: HKLM\...\Winlogon\Notify\geebc, continuing.
[07/31/2007, 20:18:07] - BHO 6: {1FB63E52-4D6E-48C1-A08F-F630FE50F337} (MSEvents Object)
[07/31/2007, 20:18:07] - ALERT: Found MSEvents Object!
[07/31/2007, 20:18:07] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/31/2007, 20:18:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:07] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/31/2007, 20:18:07] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/31/2007, 20:18:07] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/31/2007, 20:18:07] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/31/2007, 20:18:07] - BHO 10: {92656D96-3403-4246-80A9-F589A4BA5509} ()
[07/31/2007, 20:18:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:07] - Checking for HKLM\...\Winlogon\Notify\ddcyw
[07/31/2007, 20:18:07] - Key not found: HKLM\...\Winlogon\Notify\ddcyw, continuing.
[07/31/2007, 20:18:07] - BHO 11: {B61D26B7-E69D-431E-95A9-2BCA55D1FDAA} ()
[07/31/2007, 20:18:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:07] - Checking for HKLM\...\Winlogon\Notify\ssttu
[07/31/2007, 20:18:07] - Key not found: HKLM\...\Winlogon\Notify\ssttu, continuing.
[07/31/2007, 20:18:07] - BHO 12: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/31/2007, 20:18:07] - Finished Searching Browser Helper Objects
[07/31/2007, 20:18:07] - *** Detected MSEvents Object
[07/31/2007, 20:18:07] - Trying to remove MSEvents Object...
[07/31/2007, 20:18:08] - Terminating Process: IEXPLORE.EXE
[07/31/2007, 20:18:09] - Terminating Process: RUNDLL32.EXE
[07/31/2007, 20:18:09] - Disabling Automatic Shell Restart
[07/31/2007, 20:18:09] - Terminating Process: EXPLORER.EXE
[07/31/2007, 20:18:09] - Suspending the NT Session Manager System Service
[07/31/2007, 20:18:10] - Terminating Windows NT Logon/Logoff Manager
[07/31/2007, 20:18:10] - Re-enabling Automatic Shell Restart
[07/31/2007, 20:18:10] - File to disable: C:\WINDOWS\system32\jkkkhhf.dll
[07/31/2007, 20:18:10] - Renaming C:\WINDOWS\system32\jkkkhhf.dll -> C:\WINDOWS\system32\jkkkhhf.dll.vir
[07/31/2007, 20:18:10] - File successfully renamed!
[07/31/2007, 20:18:10] - Removing HKLM\...\Browser Helper Objects\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}
[07/31/2007, 20:18:10] - Removing HKCR\CLSID\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}
[07/31/2007, 20:18:10] - Adding Kill Bit for ActiveX for GUID: {1FB63E52-4D6E-48C1-A08F-F630FE50F337}
[07/31/2007, 20:18:10] - Deleting ATLEvents/MSEvents Registry entries
[07/31/2007, 20:18:10] - Removing HKLM\...\Winlogon\Notify\jkkkhhf
[07/31/2007, 20:18:10] - Searching for Browser Helper Objects:
[07/31/2007, 20:18:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/31/2007, 20:18:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 20:18:10] - BHO 3: {07E28EC0-23EA-4541-84E1-D4EFE6E2CB9C} ()
[07/31/2007, 20:18:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:10] - Checking for HKLM\...\Winlogon\Notify\vturo
[07/31/2007, 20:18:10] - Key not found: HKLM\...\Winlogon\Notify\vturo, continuing.
[07/31/2007, 20:18:10] - BHO 4: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[07/31/2007, 20:18:10] - BHO 5: {1CF8C455-6664-4BEE-BBB1-238F26D90EBF} ()
[07/31/2007, 20:18:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:10] - Checking for HKLM\...\Winlogon\Notify\geebc
[07/31/2007, 20:18:10] - Key not found: HKLM\...\Winlogon\Notify\geebc, continuing.
[07/31/2007, 20:18:10] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/31/2007, 20:18:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:10] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/31/2007, 20:18:10] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/31/2007, 20:18:10] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/31/2007, 20:18:10] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/31/2007, 20:18:10] - BHO 9: {92656D96-3403-4246-80A9-F589A4BA5509} ()
[07/31/2007, 20:18:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:10] - Checking for HKLM\...\Winlogon\Notify\ddcyw
[07/31/2007, 20:18:10] - Key not found: HKLM\...\Winlogon\Notify\ddcyw, continuing.
[07/31/2007, 20:18:10] - BHO 10: {B61D26B7-E69D-431E-95A9-2BCA55D1FDAA} ()
[07/31/2007, 20:18:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 20:18:10] - Checking for HKLM\...\Winlogon\Notify\ssttu
[07/31/2007, 20:18:10] - Key not found: HKLM\...\Winlogon\Notify\ssttu, continuing.
[07/31/2007, 20:18:10] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/31/2007, 20:18:10] - Finished Searching Browser Helper Objects
[07/31/2007, 20:18:10] - Finishing up...
[07/31/2007, 20:18:10] - A restart is needed.
[07/31/2007, 20:18:10] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/31/2007, 20:18:25] - Attempting to Restart via STOP error (Blue Screen!)
-
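The VirtumundoBeGone log above shows the rule the tool applies: a BHO with no default name is checked for a Winlogon\Notify key with the same base name, and a match is treated as Virtumundo (jkkkhhf in that run). The following is an added example, not code from the thread or from any of the tools posted in it. It applies the same check offline to the O2 and O20 lines of the 20:24 HijackThis log above (copied verbatim as the sample input). The verdict labels, the distinction between a missing DLL, a nameless BHO in system32 and a nameless BHO elsewhere, and the full registry paths (the log abbreviates them as HKLM\...) are this example's additions, not the tool's.

```python
import re

# Constructed sample: the O2 (BHO) and O20 (Winlogon Notify) lines of the
# 20:24 HijackThis log in the thread, copied verbatim; other line types are ignored.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {07E28EC0-23EA-4541-84E1-D4EFE6E2CB9C} - C:\WINDOWS\system32\vturo.dll
O2 - BHO: (no name) - {1CF8C455-6664-4BEE-BBB1-238F26D90EBF} - C:\WINDOWS\system32\geebc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\tuvvutq.dll
O20 - Winlogon Notify: tuvvutq - C:\WINDOWS\SYSTEM32\tuvvutq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")

# Full paths of the keys the VirtumundoBeGone log abbreviates as HKLM\...
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
KILLBIT_KEY = r"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"


def parse_hjt(text):
    """Return (bhos, notify_keys) from the O2 and O20 lines of a HijackThis log."""
    bhos, notify = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append({"name": m["name"], "clsid": m["clsid"].upper(),
                         "path": m["path"], "missing": m["missing"] is not None})
            continue
        m = O20_RE.match(line)
        if m:
            notify.add(m["key"].lower())
    return bhos, notify


def stem_of(path):
    r"""Lower-case basename without extension: C:\WINDOWS\system32\vturo.dll -> vturo"""
    base = path.rsplit("\\", 1)[-1].lower()
    return base.rsplit(".", 1)[0]


def triage(text):
    r"""Apply the VirtumundoBeGone rule to every BHO that has no default name.

    Verdicts (the labels are this example's, not the tool's):
      likely-vundo        a Winlogon\Notify key with the DLL's base name exists,
                          the pairing the tool logged as "probably Virtumundo"
      stale-registration  HijackThis reports the DLL missing: only registry
                          residue is left, nothing to submit for analysis
      suspect             nameless BHO loaded from system32: identify the file
                          (publisher, hash, online scan) before touching it
      review              nameless but outside system32; can be a legitimate
                          product that set no name (SDHelper.dll is Spybot's)
    """
    bhos, notify = parse_hjt(text)
    findings = []
    for bho in bhos:
        if bho["name"] != "(no name)":
            continue
        stem = stem_of(bho["path"])
        if stem in notify:
            verdict = "likely-vundo"
        elif bho["missing"]:
            verdict = "stale-registration"
        elif "\\system32\\" in bho["path"].lower():
            verdict = "suspect"
        else:
            verdict = "review"
        findings.append({"clsid": bho["clsid"], "dll": stem + ".dll", "verdict": verdict})
    return findings


def registry_targets(finding):
    """Keys the log above removes for one finding, spelled out in full.
    Returned for review only; nothing here writes to the registry."""
    clsid = "{%s}" % finding["clsid"]
    keys = [BHO_KEY + "\\" + clsid, "HKCR\\CLSID\\" + clsid]
    if finding["verdict"] == "likely-vundo":
        keys.append(NOTIFY_KEY + "\\" + finding["dll"].rsplit(".", 1)[0])
    keys.append(KILLBIT_KEY + "\\" + clsid + " (Compatibility Flags = 0x400)")
    return keys


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['verdict']:<19} {f['clsid']}  {f['dll']}")
        if f["verdict"] == "likely-vundo":
            for k in registry_targets(f):
                print("    ", k)
```

On the sample, tuvvutq.dll is the only likely-vundo hit (BHO plus Winlogon Notify entry, as the tool found for jkkkhhf.dll in the 19:34 log), vturo.dll is flagged suspect because it is a nameless BHO served from system32 with no Notify partner, geebc.dll is registry residue only, and Spybot's SDHelper.dll is correctly left at "review" even though it too has no default name.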
Here is the VundoFix report for a start:
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Scan started at 17:29:46 27/07/2007
Listing files found while scanning....
C:\windows\system32\apeflwcb.ini
C:\windows\system32\bcwlfepa.dll
C:\windows\system32\bhsvgdfl.ini
C:\windows\system32\dmpvuice.dll
C:\windows\system32\eapddxuj.ini
C:\windows\system32\eciuvpmd.ini
C:\windows\system32\eephbtht.dll
C:\WINDOWS\system32\efcdaxx.dll
C:\windows\system32\foqbdwos.dll
C:\windows\system32\jclacigr.ini
C:\windows\system32\juxddpae.dll
C:\windows\system32\laoukffn.dll
C:\windows\system32\lfdgvshb.dll
C:\windows\system32\luvweydv.dll
C:\windows\system32\nffkuoal.ini
C:\windows\system32\rgicalcj.dll
C:\windows\system32\rraerisw.dll
C:\windows\system32\sowdbqof.ini
C:\windows\system32\thtbhpee.ini
C:\windows\system32\vdyewvul.ini
C:\WINDOWS\system32\vturo.dll
C:\windows\system32\wsirearr.ini
Beginning removal...
Attempting to delete C:\windows\system32\apeflwcb.ini
C:\windows\system32\apeflwcb.ini Has been deleted!
Attempting to delete C:\windows\system32\bcwlfepa.dll
C:\windows\system32\bcwlfepa.dll Has been deleted!
Attempting to delete C:\windows\system32\bhsvgdfl.ini
C:\windows\system32\bhsvgdfl.ini Has been deleted!
Attempting to delete C:\windows\system32\dmpvuice.dll
C:\windows\system32\dmpvuice.dll Has been deleted!
Attempting to delete C:\windows\system32\eapddxuj.ini
C:\windows\system32\eapddxuj.ini Has been deleted!
Attempting to delete C:\windows\system32\eciuvpmd.ini
C:\windows\system32\eciuvpmd.ini Has been deleted!
Attempting to delete C:\windows\system32\eephbtht.dll
C:\windows\system32\eephbtht.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcdaxx.dll
C:\WINDOWS\system32\efcdaxx.dll Could not be deleted.
Attempting to delete C:\windows\system32\foqbdwos.dll
C:\windows\system32\foqbdwos.dll Has been deleted!
Attempting to delete C:\windows\system32\jclacigr.ini
C:\windows\system32\jclacigr.ini Has been deleted!
Attempting to delete C:\windows\system32\juxddpae.dll
C:\windows\system32\juxddpae.dll Has been deleted!
Attempting to delete C:\windows\system32\laoukffn.dll
C:\windows\system32\laoukffn.dll Has been deleted!
Attempting to delete C:\windows\system32\lfdgvshb.dll
C:\windows\system32\lfdgvshb.dll Has been deleted!
Attempting to delete C:\windows\system32\luvweydv.dll
C:\windows\system32\luvweydv.dll Has been deleted!
Attempting to delete C:\windows\system32\nffkuoal.ini
C:\windows\system32\nffkuoal.ini Has been deleted!
Attempting to delete C:\windows\system32\rgicalcj.dll
C:\windows\system32\rgicalcj.dll Has been deleted!
Attempting to delete C:\windows\system32\rraerisw.dll
C:\windows\system32\rraerisw.dll Has been deleted!
Attempting to delete C:\windows\system32\sowdbqof.ini
C:\windows\system32\sowdbqof.ini Has been deleted!
Attempting to delete C:\windows\system32\thtbhpee.ini
C:\windows\system32\thtbhpee.ini Has been deleted!
Attempting to delete C:\windows\system32\vdyewvul.ini
C:\windows\system32\vdyewvul.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Could not be deleted.
Attempting to delete C:\windows\system32\wsirearr.ini
C:\windows\system32\wsirearr.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Scan started at 23:15:00 29/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.bak2
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\geebc.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbeeg.bak2
C:\WINDOWS\system32\cbeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geebc.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Scan started at 00:47:01 30/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\ddcyw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\wycdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Scan started at 19:33:47 30/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak2
C:\WINDOWS\system32\uttss.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\ssttu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\uttss.bak2
C:\WINDOWS\system32\uttss.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Scan started at 20:08:37 31/07/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
-
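In the VundoFix listings above, every .ini and .bak file is named with the reversed stem of a DLL found in the same scan (apeflwcb.ini beside bcwlfepa.dll, cbeeg.ini and cbeeg.bak1/.bak2 beside geebc.dll, wycdd.ini beside ddcyw.dll, uttss.ini beside ssttu.dll), while efcdaxx.dll and vturo.dll appear with no companion at all. The following is an added example, not part of the thread or of VundoFix: it pairs a system32 listing by that reversed-stem rule. The sample listing is copied from the 27/07 and 29/07 scans above; the rule itself is an observation from those listings, not something the tool documents.

```python
import re
from collections import defaultdict

# Constructed sample: the "Listing files found while scanning" sections of the
# 27/07/2007 and 29/07/2007 VundoFix reports in the thread, copied verbatim.
VUNDOFIX_LISTING = r"""
C:\windows\system32\apeflwcb.ini
C:\windows\system32\bcwlfepa.dll
C:\windows\system32\bhsvgdfl.ini
C:\windows\system32\dmpvuice.dll
C:\windows\system32\eapddxuj.ini
C:\windows\system32\eciuvpmd.ini
C:\windows\system32\eephbtht.dll
C:\WINDOWS\system32\efcdaxx.dll
C:\windows\system32\foqbdwos.dll
C:\windows\system32\jclacigr.ini
C:\windows\system32\juxddpae.dll
C:\windows\system32\laoukffn.dll
C:\windows\system32\lfdgvshb.dll
C:\windows\system32\luvweydv.dll
C:\windows\system32\nffkuoal.ini
C:\windows\system32\rgicalcj.dll
C:\windows\system32\rraerisw.dll
C:\windows\system32\sowdbqof.ini
C:\windows\system32\thtbhpee.ini
C:\windows\system32\vdyewvul.ini
C:\WINDOWS\system32\vturo.dll
C:\windows\system32\wsirearr.ini
C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.bak2
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\geebc.dll
"""

# directory \ stem . extension  (the extension may carry a digit: .bak1, .bak2)
FILE_RE = re.compile(r"^(?P<dir>.*)\\(?P<stem>[^\\.]+)\.(?P<ext>\w+)$")


def pair_mirrors(listing_text):
    r"""Pair each DLL with the files whose stem is the DLL's stem reversed.

    Returns (paired, unpaired):
      paired   {'geebc.dll': ['cbeeg.bak1', 'cbeeg.bak2', 'cbeeg.ini'], ...}
      unpaired ['efcdaxx.dll', 'vturo.dll']   DLLs with no mirrored companion
    Matching is case-insensitive on the basename and ignores the directory, so a
    listing that mixes C:\windows and C:\WINDOWS still pairs correctly.
    """
    by_stem = defaultdict(list)          # stem -> [(basename, ext)]
    for line in listing_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        stem, ext = m["stem"].lower(), m["ext"].lower()
        by_stem[stem].append((f"{stem}.{ext}", ext))

    paired, unpaired = {}, []
    for stem, files in by_stem.items():
        mirror = stem[::-1]
        # a palindromic stem would mirror itself; treat that as "no companion"
        companions = sorted(
            base for base, ext in by_stem.get(mirror, []) if ext != "dll"
        ) if mirror != stem else []
        for base, ext in files:
            if ext != "dll":
                continue
            if companions:
                paired[base] = companions
            else:
                unpaired.append(base)
    return paired, sorted(unpaired)


if __name__ == "__main__":
    paired, unpaired = pair_mirrors(VUNDOFIX_LISTING)
    for dll, comps in sorted(paired.items()):
        print(f"{dll:<14} <-> {', '.join(comps)}")
    print("no mirror file:", ", ".join(unpaired))
```

Run against the sample, the two DLLs left without a mirror file, efcdaxx.dll and vturo.dll, are exactly the two the 27/07 scan reported "Could not be deleted"; the other eleven are each paired with the .ini (and .bak) files VundoFix removed alongside them.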
Good evening Lien Rag,
Here is my HijackThis report...
Thanks :)
Logfile of HijackThis v1.99.1
Scan saved at 19:34:45, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Documents and Settings\Admin\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07E28EC0-23EA-4541-84E1-D4EFE6E2CB9C} - C:\WINDOWS\system32\vturo.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {1CF8C455-6664-4BEE-BBB1-238F26D90EBF} - C:\WINDOWS\system32\geebc.dll (file missing)
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\jkkkhhf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92656D96-3403-4246-80A9-F589A4BA5509} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: (no name) - {B61D26B7-E69D-431E-95A9-2BCA55D1FDAA} - C:\WINDOWS\system32\ssttu.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [bDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?921f74258d18415387940328e3e1ba25
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?921f74258d18415387940328e3e1ba25
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkkkhhf - C:\WINDOWS\SYSTEM32\jkkkhhf.dll
O20 - Winlogon Notify: tuvvutq - C:\WINDOWS\SYSTEM32\tuvvutq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
-
Can nobody help me??
-
Hello everyone...

Despite several attempts I still can't manage to get rid of this virus.
I don't know much about this.

Could someone please take a look at my latest reports in my previous post "Help lectures rapports" and just tell me whether there is any solution..
Thanks in advance.
-
Is there anything else left to try??
I get the impression that nothing can remove this virus called trojan Virtumonde..
-
Here is the latest HijackThis report:
Scan saved at 01:19:52, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07E28EC0-23EA-4541-84E1-D4EFE6E2CB9C} - C:\WINDOWS\system32\vturo.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {1CF8C455-6664-4BEE-BBB1-238F26D90EBF} - C:\WINDOWS\system32\geebc.dll (file missing)
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\jkkkhhf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92656D96-3403-4246-80A9-F589A4BA5509} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: (no name) - {B61D26B7-E69D-431E-95A9-2BCA55D1FDAA} - C:\WINDOWS\system32\ssttu.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [bDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?921f74258d18415387940328e3e1ba25
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?921f74258d18415387940328e3e1ba25
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: jkkkhhf - C:\WINDOWS\SYSTEM32\jkkkhhf.dll
O20 - Winlogon Notify: tuvvutq - C:\WINDOWS\SYSTEM32\tuvvutq.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 9229 bytes
-
Good evening Styx,
There is one file I couldn't find;
msimg 323dll
And it's impossible to remove My Web Search.. error message: unable to read from the file or the local disk.
Here is the ComboFix report for a start:
ComboFix 07-07-30.2 - "Admin" 2007-07-31 1:02:02.1 [GMT 2:00] - NTFS
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.Vrai
* Created a new restore point
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\rcbjqheo.dll
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.bak2
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\orutv.tmp
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.bak2
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\orutv.tmp
C:\WINDOWS\system32\ssqrq.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Admin\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\Admin\APPLIC~1\WinAntiVirus Pro 2007\AVScheduler.dat
C:\DOCUME~1\Admin\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat
C:\DOCUME~1\Admin\APPLIC~1\WinAntiVirus Pro 2007\history.db
C:\DOCUME~1\Admin\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\DOCUME~1\Admin\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log
C:\DOCUME~1\Admin\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode
C:\Documents and Settings\Admin.\err.log
C:\Documents and Settings\Admin.\ResErrors.log
C:\Program Files\DriveCleaner Free\is-OI8HM.tmp
C:\Program Files\Fichiers communs\winantivirus pro 2007
C:\Program Files\Fichiers communs\winantivirus pro 2007\err.log
C:\Program Files\Fichiers communs\winantivirus pro 2007\mfc71.dll
C:\Program Files\Fichiers communs\winantivirus pro 2007\msvcp71.dll
C:\Program Files\Fichiers communs\winantivirus pro 2007\msvcr71.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\winantivirus pro 2007\is-82529.tmp
C:\Program Files\winantivirus pro 2007\is-EBARC.tmp
C:\Program Files\winantivirus pro 2007\is-EOMHM.tmp
C:\Program Files\winantivirus pro 2007\is-HA65U.tmp
C:\Program Files\winantivirus pro 2007\is-NJTOR.tmp
C:\Program Files\winantivirus pro 2007\is-VCR8A.tmp
C:\Program Files\winantivirus pro 2007\is-VFB2H.tmp
C:\Program Files\winantivirus pro 2007\plugins\is-6K37T.tmp
C:\Program Files\winantivirus pro 2007\plugins\is-FE30R.tmp
C:\WINDOWS\system32\g.exe
C:\WINDOWS\system32\stera.log
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_FOPN
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))
2007-07-31 01:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-31 00:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-07-31 00:26 <REP> d-------- C:\Program Files\Yahoo!
2007-07-31 00:26 <REP> d-------- C:\Program Files\CCleaner
2007-07-30 21:58 <REP> d-------- C:\DOCUME~1\Admin\.housecall6.6
2007-07-30 19:50 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-30 19:20 125,504 --a------ C:\WINDOWS\system32\vamhmmkb.dll
2007-07-30 00:22 <REP> d-------- C:\!KillBox
2007-07-29 22:25 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-29 20:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-29 19:21 126,016 --a------ C:\WINDOWS\system32\hshvvyhx.dll
2007-07-29 19:17 <REP> d--hs---- C:\UWA7PV
2007-07-29 18:54 <REP> d-------- C:\Program Files\Trend Micro
2007-07-29 18:27 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-07-29 17:48 126,016 --a------ C:\WINDOWS\system32\tcqdfyuq.dll
2007-07-29 15:40 126,016 --a------ C:\WINDOWS\system32\wybyfctu.dll
2007-07-29 15:33 38,925 --a------ C:\winlsd.exe
2007-07-28 12:31 126,016 --a------ C:\WINDOWS\system32\thjatuyt.dll
2007-07-27 18:29 706,770 --------- C:\WINDOWS\system32\fhhkj.bak2
2007-07-27 17:39 262,708 --a------ C:\WINDOWS\system32\ddayv.dll
2007-07-27 17:29 <REP> d-------- C:\VundoFix Backups
2007-07-27 14:10 66,068 --a------ C:\WINDOWS\system32\qpyholyd.exe
2007-07-27 14:10 4,628 --a------ C:\WINDOWS\system32\vlgbkggv.exe
2007-07-26 18:08 38,925 --a------ C:\wincgt.exe
2007-07-23 08:29 38,413 --a------ C:\winsec.exe
2007-07-23 08:29 31,254 --a------ C:\WINDOWS\system32\mljjkhe.dll
2007-07-22 22:12 90,112 --a------ C:\WINDOWS\system32\lam2.exe
2007-07-22 22:12 33,792 --a------ C:\WINDOWS\system32\d.dll
2007-07-22 22:12 31,744 --a------ C:\WINDOWS\system32\lam5.exe
2007-07-22 22:12 19,968 --a------ C:\WINDOWS\system32\lam3.exe
2007-07-22 22:12 17,408 --a------ C:\WINDOWS\system32\lam4.exe
2007-07-22 22:12 <REP> d-------- C:\WINDOWS\system32\sounds
2007-07-22 22:12 <REP> d-------- C:\WINDOWS\system32\logs
2007-07-22 22:12 <REP> d-------- C:\WINDOWS\system32\download
2007-07-22 22:11 838,942 --a------ C:\winxs.exe
2007-07-22 20:12 66,068 --a------ C:\WINDOWS\system32\sdyvheus.exe
2007-07-22 20:05 31,254 --a------ C:\WINDOWS\system32\yayywxw.dll
2007-07-19 11:30 31,254 --a------ C:\WINDOWS\system32\xxyxvus.dll
2007-07-19 11:14 31,254 --a------ C:\WINDOWS\system32\jkkkhhf.dll
2007-07-19 09:03 38,413 --a------ C:\winptrs.exe
2007-07-17 20:14 209,539 --a------ C:\winsys.exe
2007-07-13 12:51 66,580 --a------ C:\WINDOWS\system32\ybsrjsxu.dll
2007-07-13 12:51 4,628 --a------ C:\WINDOWS\system32\imqahnkv.exe
2007-07-13 12:44 26,171 --a------ C:\WINDOWS\system32\gebywvu.dll
2007-07-10 12:26 209,539 --a------ C:\winspur.exe
2007-07-09 23:20 26,171 --a------ C:\WINDOWS\system32\tuvvutq.dll
2007-07-09 13:12 26,171 --a------ C:\WINDOWS\system32\qomjjji.dll
2007-07-09 09:10 262,708 ---hs---- C:\WINDOWS\system32\vturo.dll
2007-07-09 09:05 26,171 --a------ C:\WINDOWS\system32\efcdaxx.dll
2007-07-09 09:05 209,539 --a------ C:\winpga.exe
2007-07-04 10:23 209,533 --a------ C:\winsfr.exe
2007-07-03 23:44 30,770 --a------ C:\postfix.exe
2007-07-03 19:17 209,533 --a------ C:\winbbs.exe
2007-07-02 20:22 30,770 --a------ C:\winfocus.exe
2007-07-02 20:13 209,453 --a------ C:\winsdns.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-31 01:11 --------- d-------- C:\DOCUME~1\Admin\APPLIC~1\OpenOffice.org2
2007-07-31 01:09 --------- d-------- C:\Program Files\Google
2007-07-31 01:08 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-07-31 00:12 32 --a------ C:\WINDOWS\system32\getfile.dat
2007-07-30 23:45 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-07-30 23:42 --------- d-------- C:\Program Files\QuickTime
2007-07-30 23:38 --------- d-------- C:\Program Files\iTunes
2007-07-15 15:08 --------- d-------- C:\DOCUME~1\Admin\APPLIC~1\AdobeUM
2007-05-29 21:00 --------- d-------- C:\DOCUME~1\Admin\APPLIC~1\Google
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-08-03 16:15 461 --a------ C:\Program Files\INSTALL.LOG
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07E28EC0-23EA-4541-84E1-D4EFE6E2CB9C}]
2007-07-09 09:10 262708 ---hs---- C:\WINDOWS\system32\vturo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CF8C455-6664-4BEE-BBB1-238F26D90EBF}]
C:\WINDOWS\system32\geebc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}]
2007-07-19 11:14 31254 --a------ C:\WINDOWS\system32\jkkkhhf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92656D96-3403-4246-80A9-F589A4BA5509}]
C:\WINDOWS\system32\ddcyw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B61D26B7-E69D-431E-95A9-2BCA55D1FDAA}]
C:\WINDOWS\system32\ssttu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-09-20 16:50]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 14:28]
"BDMCon"="c:\progra~1\softwin\bitdef~1\bdmcon.exe" [2006-04-28 11:41]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 19:53]
"BDSwitchAgent"="C:\progra~1\softwin\bitdef~1\bdswitch.exe" [2005-04-06 15:09]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 15:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 13:55]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Config"=%systemroot%\system32\run.cmd
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 18:01:20]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-01-23 14:15:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1FB63E52-4D6E-48C1-A08F-F630FE50F337}"= C:\WINDOWS\system32\jkkkhhf.dll [2007-07-19 11:14 31254]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkhhf]
jkkkhhf.dll 2007-07-19 11:14 31254 C:\WINDOWS\system32\jkkkhhf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvutq]
tuvvutq.dll 2007-07-09 23:20 26171 C:\WINDOWS\system32\tuvvutq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 NWCWorkstation;Service client pour NetWare;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R3 BDRsDrv;BDRsDrv;\??\C:\Program Files\Softwin\BitDefender9\bdrsdrv.sys
R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 NWRDR;NetWare Rdr;C:\WINDOWS\system32\DRIVERS\nwrdr.sys
R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys
S3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys
S3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
S3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys
S3 BthEnum;Pilote de bloc de demande Bluetooth;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
S3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
S3 BTHMODEM;Pilote de communication série Bluetooth;C:\WINDOWS\system32\Drivers\bthmodem.sys
S3 BthPan;Périphérique Bluetooth (réseau personnel);C:\WINDOWS\system32\DRIVERS\bthpan.sys
S3 BTHPORT;Pilote de port Bluetooth;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 BTHUSB;Pilote USB radio Bluetooth;C:\WINDOWS\system32\Drivers\BTHUSB.sys
S3 CTSFSYN;Creative SoundFont Synth;C:\WINDOWS\system32\drivers\ctsfsyn.sys
S3 HidBth;Miniport HID Microsoft Bluetooth;C:\WINDOWS\system32\DRIVERS\hidbth.sys
S3 jnv4_mib;jnv4_mib;\??\C:\DOCUME~1\Admin\LOCALS~1\Temp\jnv4_mib.sys
S3 MidiSyn;MidiSyn;C:\WINDOWS\system32\drivers\MidiSyn.sys
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
S3 RT73;ASUS USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt73.sys
S3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
S3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
Contents of the 'Scheduled Tasks' folder
2007-07-15 12:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-07-30 22:17:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 01:10:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-31 1:12:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-31 01:12
--- E O F ---
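Editor's added example, not part of the thread and not ComboFix code. In the "Files Created" section above, the randomly named files arrive in groups with byte-identical sizes (four at 126,016, four at 31,254, four at 26,171, three win*.exe at 209,539), which is what a dropper re-writing the same payload under a fresh name after each cleanup looks like, and vturo.dll is the only DLL listed with hidden+system attributes. The script parses a constructed subset of those lines, groups them by exact size and lists the hidden+system files, so a whole cluster can be submitted and quarantined as one family instead of chasing names one at a time. The date/size/attribute/path layout it assumes is this example's reading of the ComboFix format, not a documented interface.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "Files Created" section of the ComboFix
# log posted in this thread; two <REP> directory rows are kept to show they are skipped.
SAMPLE_COMBOFIX = r"""
2007-07-31 01:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 19:50 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-30 19:20 125,504 --a------ C:\WINDOWS\system32\vamhmmkb.dll
2007-07-29 19:21 126,016 --a------ C:\WINDOWS\system32\hshvvyhx.dll
2007-07-29 19:17 <REP> d--hs---- C:\UWA7PV
2007-07-29 18:27 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-07-29 17:48 126,016 --a------ C:\WINDOWS\system32\tcqdfyuq.dll
2007-07-29 15:40 126,016 --a------ C:\WINDOWS\system32\wybyfctu.dll
2007-07-28 12:31 126,016 --a------ C:\WINDOWS\system32\thjatuyt.dll
2007-07-27 17:39 262,708 --a------ C:\WINDOWS\system32\ddayv.dll
2007-07-23 08:29 31,254 --a------ C:\WINDOWS\system32\mljjkhe.dll
2007-07-22 20:05 31,254 --a------ C:\WINDOWS\system32\yayywxw.dll
2007-07-19 11:30 31,254 --a------ C:\WINDOWS\system32\xxyxvus.dll
2007-07-19 11:14 31,254 --a------ C:\WINDOWS\system32\jkkkhhf.dll
2007-07-17 20:14 209,539 --a------ C:\winsys.exe
2007-07-13 12:44 26,171 --a------ C:\WINDOWS\system32\gebywvu.dll
2007-07-10 12:26 209,539 --a------ C:\winspur.exe
2007-07-09 23:20 26,171 --a------ C:\WINDOWS\system32\tuvvutq.dll
2007-07-09 13:12 26,171 --a------ C:\WINDOWS\system32\qomjjji.dll
2007-07-09 09:10 262,708 ---hs---- C:\WINDOWS\system32\vturo.dll
2007-07-09 09:05 26,171 --a------ C:\WINDOWS\system32\efcdaxx.dll
2007-07-09 09:05 209,539 --a------ C:\winpga.exe
"""

# Assumed row layout: date, time, byte size with thousands separators,
# a 9-character attribute field (d/r/a/h/s or '-'), then the path.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+([-a-z]{9})\s+(.+)$")


def parse_created(log_text):
    """Parse file rows; directory rows carry <REP> instead of a size and are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when, size, attrs, path = m.groups()
        rows.append({
            "when": when,
            "size": int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
            # hidden+system on a freshly created file is a stealth tell
            "hidden_system": "h" in attrs and "s" in attrs,
        })
    return rows


def size_clusters(rows, min_members=2):
    """Group created files by exact byte size.

    Identical sizes under different random names usually mean one payload
    re-dropped under a fresh name each time a cleaner removed it, so a
    cluster is one family to quarantine and submit, not N unrelated files.
    """
    by_size = defaultdict(list)
    for r in rows:
        by_size[r["size"]].append(r["path"])
    return {size: sorted(paths) for size, paths in by_size.items()
            if len(paths) >= min_members}


def hidden_system_files(rows):
    """Files created with both the hidden and the system attribute set."""
    return sorted(r["path"] for r in rows if r["hidden_system"])


if __name__ == "__main__":
    rows = parse_created(SAMPLE_COMBOFIX)
    for size, paths in sorted(size_clusters(rows).items(), key=lambda kv: -len(kv[1])):
        print(f"{size:>8} bytes x{len(paths)}: " + ", ".join(paths))
    print("hidden+system:", hidden_system_files(rows))
```

Run on the posted list this yields five clusters and one hidden+system file; the 262,708-byte pair (ddayv.dll, vturo.dll) is the same size as the BHO ComboFix lists under {07E28EC0-...}, so both belong in the same quarantine set even though only one of them is currently registered.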
-
Re,
That's it, I managed to download it..
Here is the report;
Incident Status Location
Adware:Adware/SweetBar Not disinfected C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
Unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Virus:W32/IrcBot.BAW.worm Disinfected C:\Documents and Settings\Admin\Bureau\MSNFix\backup\winbash.exe
Unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Admin\Bureau\MSNFix\incl\Process.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Admin\Cookies\admin@atdmt[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Admin\Cookies\admin@xiti[1].txt
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\jtywqqgp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\kyijdgrx.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\lstldvfm.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\mauxosoi.dll
Unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\nsjA.tmp
Unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\nso13.tmp
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\odovlgrc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\rtcwlaoh.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\txreeqde.dll
Virus:W32/IrcBot.BAW.worm Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M1C7SX0F\setup[1].exe
Virus:W32/IrcBot.BAW.worm Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U125KTM1\setup[1].exe
Virus:W32/IrcBot.BAW.worm Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U125KTM1\setup[2].exe
Unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Internet Explorer\msimg32.dll
Adware:Adware/SweetBar Not disinfected C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
Unwanted tool:Application/Processor Not disinfected C:\Program Files\Navilog1\Process.exe
Virus:W32/IrcBot.BAW.worm Disinfected C:\winbck.exe
Virus:W32/IrcBot.BAW.worm Disinfected C:\wincrt.exe
Unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Am.
-
Yes, I'm on IE..
I started the scan; I was asking whether I should choose the Java version, which is what I did..
Is it normal for it to take this long? 50 min
Where do I find the report when it's finished?
Thanks for your help

-
OK I'll try, but do I choose the Java option?
-
Thanks

I already have a post in this section but I'm stuck because of this...
I'm really lost

Yes, it starts the download and then gives me the error message..
-
Good evening Falka,
I followed your instructions but it's the same: it won't finish loading and tells me to try again...
Probable cause: not allowing ActiveScan during the download
-
Re....
Please help me, I really need to know what to do to finish removing this trojan....
Thanks....
-
Good evening everyone..

I need to download Panda but I can't because of "ActiveX"
I admit I don't know much about this

Can someone help me?
Thanks
-
Unable to download Panda...
Apparently I can't manage to enable ActiveX.
-
Hello Styx

Yes, I had restarted the PC...
Here is the VundoFix report for a start;
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Scan started at 17:29:46 27/07/2007
Listing files found while scanning....
C:\windows\system32\apeflwcb.ini
C:\windows\system32\bcwlfepa.dll
C:\windows\system32\bhsvgdfl.ini
C:\windows\system32\dmpvuice.dll
C:\windows\system32\eapddxuj.ini
C:\windows\system32\eciuvpmd.ini
C:\windows\system32\eephbtht.dll
C:\WINDOWS\system32\efcdaxx.dll
C:\windows\system32\foqbdwos.dll
C:\windows\system32\jclacigr.ini
C:\windows\system32\juxddpae.dll
C:\windows\system32\laoukffn.dll
C:\windows\system32\lfdgvshb.dll
C:\windows\system32\luvweydv.dll
C:\windows\system32\nffkuoal.ini
C:\windows\system32\rgicalcj.dll
C:\windows\system32\rraerisw.dll
C:\windows\system32\sowdbqof.ini
C:\windows\system32\thtbhpee.ini
C:\windows\system32\vdyewvul.ini
C:\WINDOWS\system32\vturo.dll
C:\windows\system32\wsirearr.ini
Beginning removal...
Attempting to delete C:\windows\system32\apeflwcb.ini
C:\windows\system32\apeflwcb.ini Has been deleted!
Attempting to delete C:\windows\system32\bcwlfepa.dll
C:\windows\system32\bcwlfepa.dll Has been deleted!
Attempting to delete C:\windows\system32\bhsvgdfl.ini
C:\windows\system32\bhsvgdfl.ini Has been deleted!
Attempting to delete C:\windows\system32\dmpvuice.dll
C:\windows\system32\dmpvuice.dll Has been deleted!
Attempting to delete C:\windows\system32\eapddxuj.ini
C:\windows\system32\eapddxuj.ini Has been deleted!
Attempting to delete C:\windows\system32\eciuvpmd.ini
C:\windows\system32\eciuvpmd.ini Has been deleted!
Attempting to delete C:\windows\system32\eephbtht.dll
C:\windows\system32\eephbtht.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcdaxx.dll
C:\WINDOWS\system32\efcdaxx.dll Could not be deleted.
Attempting to delete C:\windows\system32\foqbdwos.dll
C:\windows\system32\foqbdwos.dll Has been deleted!
Attempting to delete C:\windows\system32\jclacigr.ini
C:\windows\system32\jclacigr.ini Has been deleted!
Attempting to delete C:\windows\system32\juxddpae.dll
C:\windows\system32\juxddpae.dll Has been deleted!
Attempting to delete C:\windows\system32\laoukffn.dll
C:\windows\system32\laoukffn.dll Has been deleted!
Attempting to delete C:\windows\system32\lfdgvshb.dll
C:\windows\system32\lfdgvshb.dll Has been deleted!
Attempting to delete C:\windows\system32\luvweydv.dll
C:\windows\system32\luvweydv.dll Has been deleted!
Attempting to delete C:\windows\system32\nffkuoal.ini
C:\windows\system32\nffkuoal.ini Has been deleted!
Attempting to delete C:\windows\system32\rgicalcj.dll
C:\windows\system32\rgicalcj.dll Has been deleted!
Attempting to delete C:\windows\system32\rraerisw.dll
C:\windows\system32\rraerisw.dll Has been deleted!
Attempting to delete C:\windows\system32\sowdbqof.ini
C:\windows\system32\sowdbqof.ini Has been deleted!
Attempting to delete C:\windows\system32\thtbhpee.ini
C:\windows\system32\thtbhpee.ini Has been deleted!
Attempting to delete C:\windows\system32\vdyewvul.ini
C:\windows\system32\vdyewvul.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Could not be deleted.
Attempting to delete C:\windows\system32\wsirearr.ini
C:\windows\system32\wsirearr.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Scan started at 23:15:00 29/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.bak2
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\geebc.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbeeg.bak2
C:\WINDOWS\system32\cbeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geebc.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Scan started at 00:47:01 30/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\ddcyw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\wycdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Scan started at 19:33:47 30/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak2
C:\WINDOWS\system32\uttss.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\ssttu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\uttss.bak2
C:\WINDOWS\system32\uttss.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini Has been deleted!
Performing Repairs to the registry.
Done!
I don't think it's resolved; I'm getting more and more BitDefender alerts reporting "trojan virtumonde detected".
I'm launching the Panda scan now.
-
...
I think it didn't work.

Here are the reports:
LoadLibrary failed for C:\WINDOWS\system32\efcdaxx.dll
C:\WINDOWS\system32\efcdaxx.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\efcdaxx.dll scheduled to be moved on reboot.
Created on 07/30/2007 01:09:38
LoadLibrary failed for C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\vturo.dll scheduled to be moved on reboot.
Created on 07/30/2007 01:18:29
I wish you a good night too... and thank you for your help.
Am
-

Trojan Virtumonde virus
in Malware analysis and removal
Posted
Good evening Lien Rag,
Here is the latest HijackThis report:
Scan saved at 19:16:28, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Documents and Settings\Admin\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\tuvvutq.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [bDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?921f74258d18415387940328e3e1ba25
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?921f74258d18415387940328e3e1ba25
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: tuvvutq - C:\WINDOWS\SYSTEM32\tuvvutq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)