

alfgus
Members
Content count: 3
Languages: Armenian
alfgus's Achievements: Junior Member (3/12)
Community reputation: 0
new hijackthis report
alfgus replied to a topic by alfgus in Malware analysis and removal
Thanks Charles for your help. Here is the report:

ComboFix 07-12-02.6 - ass 2007-12-05 19:36:25.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.123 [GMT 1:00]
Running from: C:\Documents and Settings\ass\Bureau\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ass\Application Data\tmp1C.tmp.exe
C:\Documents and Settings\ass\Application Data\tmp1D.tmp.exe
C:\Documents and Settings\ass\Application Data\tmp2.tmp.exe
C:\Documents and Settings\ass\Application Data\tmp20.tmp.exe
C:\Documents and Settings\ass\Application Data\tmp3.tmp.exe
C:\Documents and Settings\ass\Application Data\tmp8.tmp.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\nbyorhn.dat
C:\WINDOWS\system32\nbyorhn.exe
C:\WINDOWS\system32\nbyorhn_nav.dat
c:\WINDOWS\system32\nbyorhn_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.bak2
C:\WINDOWS\system32\xycdd.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers créés 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))))))))
.
2007-11-21 20:30 . 2007-11-21 20:30  433  ---hs----  C:\WINDOWS\system32\ggjlm.ini
2007-11-21 20:20 . 2007-11-21 20:20  <REP>  d--------  C:\Documents and Settings\ass\Application Data\Grisoft
2007-11-21 20:20 . 2007-05-30 13:10  10,872  --a------  C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-21 20:15 . 2007-11-21 20:15  <REP>  d--------  C:\WINDOWS\LastGood.Tmp
2007-11-16 12:37 . 2007-11-16 12:37  <REP>  d--------  C:\Program Files\Alwil Software
2007-11-16 12:37 . 2003-03-18 22:20  1,060,864  --a------  C:\WINDOWS\system32\MFC71.dll
2007-11-16 12:37 . 2007-09-06 12:09  801,144  --a------  C:\WINDOWS\system32\aswBoot.exe
2007-11-16 12:37 . 2004-01-09 11:13  380,928  --a------  C:\WINDOWS\system32\actskin4.ocx
2007-11-16 12:37 . 2007-09-06 12:00  95,608  --a------  C:\WINDOWS\system32\AvastSS.scr
2007-11-16 12:37 . 2007-09-06 12:05  94,416  --a------  C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-16 12:37 . 2007-09-06 12:05  92,848  --a------  C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-16 12:37 . 2007-09-06 12:00  26,624  --a------  C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-16 12:37 . 2007-09-06 12:03  23,152  --a------  C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-16 12:22 . 2007-11-16 12:22  <REP>  d--------  C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-14 21:39 . 2007-11-14 21:39  <REP>  d--------  C:\Program Files\Hijackthis Version Française
2007-11-14 21:34 . 2007-11-14 21:34  151  --a------  C:\Documents
2007-11-14 20:16 . 2004-08-03 14:00  187,160  --a------  C:\WINDOWS\system32\wuaueng1.dll
2007-11-14 20:16 . 2004-08-03 13:59  170,776  --a------  C:\WINDOWS\system32\wuauclt1.exe
2007-11-14 20:16 . 2004-08-03 14:02  169,240  --a------  C:\WINDOWS\system32\wuaucpl.cpl
2007-11-14 19:50 . 2001-08-28 13:00  1,875,968  --a------  C:\WINDOWS\system32\dllcache\msir3jp.lex
2007-11-14 19:49 . 2001-08-28 13:00  13,463,552  --a------  C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-11-14 19:34 . 2001-08-28 13:00  15,872  --a------  C:\WINDOWS\system32\dllcache\chgport.exe
2007-11-14 19:34 . 2001-08-28 13:00  14,848  --a------  C:\WINDOWS\system32\dllcache\chgusr.exe
2007-11-14 19:34 . 2001-08-28 13:00  13,824  --a------  C:\WINDOWS\system32\dllcache\chglogon.exe
2007-11-14 19:34 . 2001-08-28 13:00  10,240  --a------  C:\WINDOWS\system32\dllcache\change.exe
2007-11-14 19:30 . 2007-11-14 19:30  <REP>  d--------  C:\Documents and Settings\Default User\Application Data\AVG7
2007-11-14 19:29 . 2007-11-14 19:29  749  -rah-----  C:\WINDOWS\WindowsShell.Manifest
2007-11-14 19:29 . 2007-11-14 19:29  749  -rah-----  C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-11-14 19:29 . 2007-11-14 19:29  749  -rah-----  C:\WINDOWS\system32\sapi.cpl.manifest
2007-11-14 19:29 . 2007-11-14 19:29  749  -rah-----  C:\WINDOWS\system32\nwc.cpl.manifest
2007-11-14 19:29 . 2007-11-14 19:29  749  -rah-----  C:\WINDOWS\system32\ncpa.cpl.manifest
2007-11-14 19:29 . 2007-11-14 19:29  488  -rah-----  C:\WINDOWS\system32\logonui.exe.manifest
2007-11-14 19:26 . 2002-08-29 10:44  1,268,224  --a------  C:\WINDOWS\system32\dllcache\cimwin32.dll
2007-11-14 19:25 . 2002-08-29 01:32  5,888  --a------  C:\WINDOWS\system32\drivers\splitter.sys
2007-11-14 19:24 . 2001-08-17 20:11  66,591  --a------  C:\WINDOWS\system32\drivers\el90xbc5.sys
2007-11-14 19:24 . 2002-08-29 11:23  57,728  --a------  C:\WINDOWS\system32\drivers\redbook.sys
2007-11-14 19:23 . 2002-08-29 01:06  182,400  --a------  C:\WINDOWS\system32\drivers\rdpdr.sys
2007-11-14 19:23 . 2002-08-29 11:45  38,024  --a------  C:\WINDOWS\system32\drivers\termdd.sys
2007-11-14 19:15 . 2007-11-14 19:15  <REP>  d--------  C:\WINDOWS\msapps
2007-11-09 11:00 . 2007-11-09 11:00  340,480  --a------  C:\WINDOWS\system32\pmnomnn.dll
2007-11-08 14:55 . 2007-11-09 11:00  5  --ah-----  C:\WINDOWS\system32\mciadsw.dns
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 20:39  ---------  d-----w  C:\Program Files\Hijackthis Version Française
2007-11-14 18:31  558,142  ----a-w  C:\WINDOWS\java\Packages\ZH7B5VJV.ZIP
2007-11-14 18:31  155,995  ----a-w  C:\WINDOWS\java\Packages\WNN3D3TN.ZIP
2007-08-23 19:49  6,526  --sh--w  C:\WINDOWS\system32\ututv.bak2
2007-08-21 16:19  6,486  --sh--w  C:\WINDOWS\system32\ututv.bak1
2007-07-24 19:44  724,449  --sh--w  C:\WINDOWS\system32\bdeeg.bak2
2007-07-24 19:44  724,993  --sh--w  C:\WINDOWS\system32\bdeeg.bak1
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1674A64F-972C-468F-B69B-8C4FF05D1251}]
C:\WINDOWS\System32\vtutu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23FE8CEB-FE79-42CD-898B-54794C6159FC}]
C:\WINDOWS\System32\ddcyx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CC4052A-6BC9-4C7E-B027-732DE8334EC7}]
C:\WINDOWS\System32\geedb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-11-09 11:00  340480  --a------  C:\WINDOWS\system32\pmnomnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74165201-DCC2-43C5-B516-2335D808BCF3}]
C:\WINDOWS\System32\mljgg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 09:45]
"Armenian NLS Keyboard"="C:\Program Files\Armenian NLS\armnls.exe" [2006-04-25 09:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 09:45]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\pmnomnn.dll [2007-11-09 11:00 340480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedb]
C:\WINDOWS\System32\geedb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdecc]
hggdecc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mciadsw]
mciadsw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkijj]
pmnkijj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnomnn]
pmnomnn.dll 2007-11-09 11:00 340480 C:\WINDOWS\system32\pmnomnn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
C:\WINDOWS\System32\vtutu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\ddcyaxu.dll

R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 19:40:08
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 19:41:05 - machine was rebooted
.
--- E O F ---
new hijackthis report
alfgus replied to a topic by alfgus in Malware analysis and removal
Thanks, but I don't understand what I'm supposed to do... I tried running a scan in safe mode, but no results. I uninstalled AVG and replaced it with Avast, but still nothing. I get a spyware alert for the following file: mljgg.dll. Thanks for your help, I don't know what to do.
Good evening all. Sorry if my post is not in the right place, but I can't get rid of this "malware" that keeps opening unwanted Mozilla windows with ads... I ran HijackThis (not in safe mode) and here is the report. What else should I do? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 21:56:36, on 14/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Armenian NLS\nlsload.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {070E3D6D-E8A7-44A8-8708-764D21CCB10A} - C:\WINDOWS\System32\awvtu.dll
O2 - BHO: (no name) - {1674A64F-972C-468F-B69B-8C4FF05D1251} - C:\WINDOWS\System32\vtutu.dll (file missing)
O2 - BHO: (no name) - {23FE8CEB-FE79-42CD-898B-54794C6159FC} - C:\WINDOWS\System32\ddcyx.dll (file missing)
O2 - BHO: (no name) - {3CC4052A-6BC9-4C7E-B027-732DE8334EC7} - C:\WINDOWS\System32\geedb.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\pmnomnn.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\System32\tmp75.tmp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\mlmmlj.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Armenian NLS Keyboard] C:\Program Files\Armenian NLS\armnls.exe /load
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191433897953
O20 - AppInit_DLLs: c:\windows\system32\ddcyaxu.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\System32\geedb.dll (file missing)
O20 - Winlogon Notify: hggdecc - hggdecc.dll (file missing)
O20 - Winlogon Notify: mciadsw - mciadsw.dll (file missing)
O20 - Winlogon Notify: pmnkijj - pmnkijj.dll (file missing)
O20 - Winlogon Notify: pmnomnn - C:\WINDOWS\SYSTEM32\pmnomnn.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)