The thread "Infected" is in the forum "Viruses, Trojans, etc."

Infected

On 24-02-2007 at 10:22 #

For 72 hours I have been completely infested by numerous adwares and the like (mezzicodec, winantiviruspro ...)
At least ten different ones
It looks like they are reproducing ...
Thanks for helping me
Attached is my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 09:56:19, on 24/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast4\aswUpdSv.exe
E:\Avast4\ashServ.exe
E:\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
E:\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
E:\Avast4\ashMaiSv.exe
E:\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Avast4\ashDisp.exe
C:\WINDOWS\vVX3000.exe
E:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
E:\a-squared Free\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Adobe\Reader\Reader\reader_sl.exe
C:\Program Files\Wireless\Client Manager\CmAGS.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\François\Bureau\Antivirus\Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AE3FAAA-9BBF-FC32-D313-0528AF98848A} - C:\WINDOWS\System32\mvrlfwg.dll
O2 - BHO: (no name) - {4E10113C-61C2-499A-B8E5-7234DB958683} - C:\WINDOWS\System32\vtsts.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55EC5306-2DFC-B6BC-298C-09D820A8BFC5} - C:\WINDOWS\System32\ewodkub.dll
O2 - BHO: (no name) - {668C4DB7-AE74-480F-9A23-65B2F47F5BCF} - C:\WINDOWS\System32\pmnlj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\euehdfdc.dll (file missing)
O2 - BHO: (no name) - {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E} - C:\WINDOWS\System32\tuvttqn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [avast!] E:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S174.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [fuxlbfj.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\François\Local Settings\Application Data\fuxlbfj.dll",qrfvbwd
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "E:\a-squared Free\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvrob.dll,startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Adobe\Reader\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Adobe\Reader\Reader\reader_sl.exe
O4 - Global Startup: Wireless Client Manager.lnk = C:\Program Files\Wireless\Client Manager\CmAGS.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://delphframb.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ljjgefc - ljjgefc.dll (file missing)
O20 - Winlogon Notify: tuvttqn - C:\WINDOWS\SYSTEM32\tuvttqn.dll
O20 - Winlogon Notify: vtsts - C:\WINDOWS\System32\vtsts.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

On 24-02-2007 at 10:27 #

hello
Vundo infection

Download to the Desktop.
VundoFix

= Double-click VundoFix.exe.
= Click OK
= Wait for VundoFix to restart
= Click Scan for Vundo
= the scan is fairly long; at the end
= Click Remove Vundo
= Then Yes
= The Desktop disappears for a moment while the files are being deleted.
= Shutdown message
= Click OK
= Automatic restart
Note: there may be several restarts
= copy the report, which is in C:\vundofix.txt
+
a new HijackThis log

On 24-02-2007 at 10:50 #

thanks, but I get the impression that it isn't enough
I still got alerts at Windows startup about "udial.exe" and "wintmp9.exe"

attached are the logs

thanks

VundoFix V6.3.8

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 10:41:43 24/02/2007

Listing files found while scanning....

C:\WINDOWS\System32\ststv.bak1
C:\WINDOWS\System32\ststv.ini
C:\WINDOWS\System32\vtsts.dll

Beginning removal...

Attempting to delete C:\WINDOWS\System32\ststv.bak1
C:\WINDOWS\System32\ststv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\ststv.ini
C:\WINDOWS\System32\ststv.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtsts.dll
C:\WINDOWS\System32\vtsts.dll Has been deleted!

Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 10:51:57, on 24/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast4\aswUpdSv.exe
E:\Avast4\ashServ.exe
E:\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
E:\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\Avast4\ashWebSv.exe
E:\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Avast4\ashDisp.exe
C:\WINDOWS\vVX3000.exe
E:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
E:\a-squared Free\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Adobe\Reader\Reader\reader_sl.exe
C:\Program Files\Wireless\Client Manager\CmAGS.exe
E:\Mozilla firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\François\Bureau\Antivirus\Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AE3FAAA-9BBF-FC32-D313-0528AF98848A} - C:\WINDOWS\System32\mvrlfwg.dll
O2 - BHO: (no name) - {2103F793-9D46-4050-8242-F8BEA99FF000} - C:\WINDOWS\System32\vtsts.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55EC5306-2DFC-B6BC-298C-09D820A8BFC5} - C:\WINDOWS\System32\ewodkub.dll
O2 - BHO: (no name) - {668C4DB7-AE74-480F-9A23-65B2F47F5BCF} - C:\WINDOWS\System32\pmnlj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\euehdfdc.dll (file missing)
O2 - BHO: (no name) - {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E} - C:\WINDOWS\System32\tuvttqn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [avast!] E:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S174.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [fuxlbfj.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\François\Local Settings\Application Data\fuxlbfj.dll",qrfvbwd
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "E:\a-squared Free\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvrob.dll,startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Adobe\Reader\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Adobe\Reader\Reader\reader_sl.exe
O4 - Global Startup: Wireless Client Manager.lnk = C:\Program Files\Wireless\Client Manager\CmAGS.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://delphframb.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ljjgefc - ljjgefc.dll (file missing)
O20 - Winlogon Notify: tuvttqn - C:\WINDOWS\SYSTEM32\tuvttqn.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


On 24-02-2007 at 10:53 #

hi
Download VirtumundoBeGone and put it on your desktop
VirtumundoBeGone.exe
Launch VirtumundoBeGone by double-clicking VirtumundoBeGone.exe and follow the instructions that appear.
Don't worry if you see a blue "fatal error" message, that's normal!
Once the operation is finished, restart your PC!
and post the VBG.TXT report, which is on the desktop, along with a new HijackThis log

later

On 24-02-2007 at 10:53 #

there are still some left

Download to the desktop
VirtumundoBeGone

= Double-click VirtumundoBeGone.exe
= click Continue ==> click Start
= click Yes
= At the end, if Vundo is present, the PC shuts down and restarts

If you get a blue screen and the message "Fatal error", no problem

= Post the VBG.TXT report, which is on the desktop
=============================
+
a HijackThis log

On 24-02-2007 at 11:18 #

done

still mezzicodec and win32 trojan gen

the logs:

thanks

[02/24/2007, 11:14:44] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\François\Bureau\VirtumundoBeGone.exe" )
[02/24/2007, 11:14:55] - Detected System Information:
[02/24/2007, 11:14:55] - Windows Version: 5.1.2600, Service Pack 1
[02/24/2007, 11:14:55] - Current Username: François (Admin)
[02/24/2007, 11:14:55] - Windows is in NORMAL mode.
[02/24/2007, 11:14:55] - Searching for Browser Helper Objects:
[02/24/2007, 11:14:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/24/2007, 11:14:55] - BHO 2: {1AE3FAAA-9BBF-FC32-D313-0528AF98848A} ()
[02/24/2007, 11:14:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:55] - Checking for HKLM\...\Winlogon\Notify\mvrlfwg
[02/24/2007, 11:14:55] - Key not found: HKLM\...\Winlogon\Notify\mvrlfwg, continuing.
[02/24/2007, 11:14:55] - BHO 3: {2103F793-9D46-4050-8242-F8BEA99FF000} ()
[02/24/2007, 11:14:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:55] - Checking for HKLM\...\Winlogon\Notify\vtsts
[02/24/2007, 11:14:55] - Key not found: HKLM\...\Winlogon\Notify\vtsts, continuing.
[02/24/2007, 11:14:55] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/24/2007, 11:14:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:55] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/24/2007, 11:14:55] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/24/2007, 11:14:55] - BHO 5: {55EC5306-2DFC-B6BC-298C-09D820A8BFC5} ()
[02/24/2007, 11:14:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:55] - Checking for HKLM\...\Winlogon\Notify\ewodkub
[02/24/2007, 11:14:55] - Key not found: HKLM\...\Winlogon\Notify\ewodkub, continuing.
[02/24/2007, 11:14:55] - BHO 6: {668C4DB7-AE74-480F-9A23-65B2F47F5BCF} ()
[02/24/2007, 11:14:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:55] - Checking for HKLM\...\Winlogon\Notify\pmnlj
[02/24/2007, 11:14:56] - Key not found: HKLM\...\Winlogon\Notify\pmnlj, continuing.
[02/24/2007, 11:14:56] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/24/2007, 11:14:56] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/24/2007, 11:14:56] - BHO 9: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/24/2007, 11:14:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:56] - Checking for HKLM\...\Winlogon\Notify\euehdfdc
[02/24/2007, 11:14:56] - Key not found: HKLM\...\Winlogon\Notify\euehdfdc, continuing.
[02/24/2007, 11:14:56] - BHO 10: {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E} ()
[02/24/2007, 11:14:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:56] - Checking for HKLM\...\Winlogon\Notify\tuvttqn
[02/24/2007, 11:14:56] - Found: HKLM\...\Winlogon\Notify\tuvttqn - This is probably Virtumundo.
[02/24/2007, 11:14:56] - Assigning {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E} MSEvents Object
[02/24/2007, 11:14:56] - BHO list has been changed! Starting over...
[02/24/2007, 11:14:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/24/2007, 11:14:56] - BHO 2: {1AE3FAAA-9BBF-FC32-D313-0528AF98848A} ()
[02/24/2007, 11:14:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:56] - Checking for HKLM\...\Winlogon\Notify\mvrlfwg
[02/24/2007, 11:14:56] - Key not found: HKLM\...\Winlogon\Notify\mvrlfwg, continuing.
[02/24/2007, 11:14:56] - BHO 3: {2103F793-9D46-4050-8242-F8BEA99FF000} ()
[02/24/2007, 11:14:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:56] - Checking for HKLM\...\Winlogon\Notify\vtsts
[02/24/2007, 11:14:56] - Key not found: HKLM\...\Winlogon\Notify\vtsts, continuing.
[02/24/2007, 11:14:56] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/24/2007, 11:14:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:56] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/24/2007, 11:14:56] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/24/2007, 11:14:56] - BHO 5: {55EC5306-2DFC-B6BC-298C-09D820A8BFC5} ()
[02/24/2007, 11:14:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:56] - Checking for HKLM\...\Winlogon\Notify\ewodkub
[02/24/2007, 11:14:56] - Key not found: HKLM\...\Winlogon\Notify\ewodkub, continuing.
[02/24/2007, 11:14:56] - BHO 6: {668C4DB7-AE74-480F-9A23-65B2F47F5BCF} ()
[02/24/2007, 11:14:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:56] - Checking for HKLM\...\Winlogon\Notify\pmnlj
[02/24/2007, 11:14:56] - Key not found: HKLM\...\Winlogon\Notify\pmnlj, continuing.
[02/24/2007, 11:14:56] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/24/2007, 11:14:56] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/24/2007, 11:14:57] - BHO 9: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/24/2007, 11:14:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:14:57] - Checking for HKLM\...\Winlogon\Notify\euehdfdc
[02/24/2007, 11:14:57] - Key not found: HKLM\...\Winlogon\Notify\euehdfdc, continuing.
[02/24/2007, 11:14:57] - BHO 10: {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E} (MSEvents Object)
[02/24/2007, 11:14:57] - ALERT: Found MSEvents Object!
[02/24/2007, 11:14:57] - Finished Searching Browser Helper Objects
[02/24/2007, 11:14:57] - *** Detected MSEvents Object
[02/24/2007, 11:14:57] - Trying to remove MSEvents Object...
[02/24/2007, 11:14:58] - Terminating Process: IEXPLORE.EXE
[02/24/2007, 11:14:58] - Terminating Process: RUNDLL32.EXE
[02/24/2007, 11:14:58] - Disabling Automatic Shell Restart
[02/24/2007, 11:14:58] - Terminating Process: EXPLORER.EXE
[02/24/2007, 11:14:59] - Suspending the NT Session Manager System Service
[02/24/2007, 11:14:59] - Terminating Windows NT Logon/Logoff Manager
[02/24/2007, 11:14:59] - Re-enabling Automatic Shell Restart
[02/24/2007, 11:14:59] - File to disable: C:\WINDOWS\System32\tuvttqn.dll
[02/24/2007, 11:14:59] - Renaming C:\WINDOWS\System32\tuvttqn.dll -> C:\WINDOWS\System32\tuvttqn.dll.vir
[02/24/2007, 11:14:59] - File successfully renamed!
[02/24/2007, 11:14:59] - Removing HKLM\...\Browser Helper Objects\{EB56076C-EEB4-4FB9-BE89-04A5B6980A8E}
[02/24/2007, 11:14:59] - Removing HKCR\CLSID\{EB56076C-EEB4-4FB9-BE89-04A5B6980A8E}
[02/24/2007, 11:14:59] - Adding Kill Bit for ActiveX for GUID: {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E}
[02/24/2007, 11:14:59] - Deleting ATLEvents/MSEvents Registry entries
[02/24/2007, 11:14:59] - Removing HKLM\...\Winlogon\Notify\tuvttqn
[02/24/2007, 11:14:59] - Searching for Browser Helper Objects:
[02/24/2007, 11:14:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/24/2007, 11:15:00] - BHO 2: {1AE3FAAA-9BBF-FC32-D313-0528AF98848A} ()
[02/24/2007, 11:15:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:15:00] - Checking for HKLM\...\Winlogon\Notify\mvrlfwg
[02/24/2007, 11:15:00] - Key not found: HKLM\...\Winlogon\Notify\mvrlfwg, continuing.
[02/24/2007, 11:15:00] - BHO 3: {2103F793-9D46-4050-8242-F8BEA99FF000} ()
[02/24/2007, 11:15:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:15:00] - Checking for HKLM\...\Winlogon\Notify\vtsts
[02/24/2007, 11:15:00] - Key not found: HKLM\...\Winlogon\Notify\vtsts, continuing.
[02/24/2007, 11:15:00] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/24/2007, 11:15:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:15:00] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/24/2007, 11:15:00] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/24/2007, 11:15:00] - BHO 5: {55EC5306-2DFC-B6BC-298C-09D820A8BFC5} ()
[02/24/2007, 11:15:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:15:00] - Checking for HKLM\...\Winlogon\Notify\ewodkub
[02/24/2007, 11:15:00] - Key not found: HKLM\...\Winlogon\Notify\ewodkub, continuing.
[02/24/2007, 11:15:00] - BHO 6: {668C4DB7-AE74-480F-9A23-65B2F47F5BCF} ()
[02/24/2007, 11:15:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:15:00] - Checking for HKLM\...\Winlogon\Notify\pmnlj
[02/24/2007, 11:15:00] - Key not found: HKLM\...\Winlogon\Notify\pmnlj, continuing.
[02/24/2007, 11:15:01] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/24/2007, 11:15:01] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/24/2007, 11:15:01] - BHO 9: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/24/2007, 11:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:15:01] - Checking for HKLM\...\Winlogon\Notify\euehdfdc
[02/24/2007, 11:15:01] - Key not found: HKLM\...\Winlogon\Notify\euehdfdc, continuing.
[02/24/2007, 11:15:01] - Finished Searching Browser Helper Objects
[02/24/2007, 11:15:01] - Finishing up...
[02/24/2007, 11:15:01] - A restart is needed.
[02/24/2007, 11:15:11] - Attempting to Restart via STOP error (Blue Screen!)

[02/24/2007, 11:17:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\François\Bureau\VirtumundoBeGone.exe" )
[02/24/2007, 11:17:34] - Detected System Information:
[02/24/2007, 11:17:34] - Windows Version: 5.1.2600, Service Pack 1
[02/24/2007, 11:17:35] - Current Username: François (Admin)
[02/24/2007, 11:17:35] - Windows is in NORMAL mode.
[02/24/2007, 11:17:35] - Searching for Browser Helper Objects:
[02/24/2007, 11:17:35] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/24/2007, 11:17:35] - BHO 2: {1AE3FAAA-9BBF-FC32-D313-0528AF98848A} ()
[02/24/2007, 11:17:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:35] - Checking for HKLM\...\Winlogon\Notify\mvrlfwg
[02/24/2007, 11:17:35] - Key not found: HKLM\...\Winlogon\Notify\mvrlfwg, continuing.
[02/24/2007, 11:17:35] - BHO 3: {2103F793-9D46-4050-8242-F8BEA99FF000} ()
[02/24/2007, 11:17:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:35] - Checking for HKLM\...\Winlogon\Notify\vtsts
[02/24/2007, 11:17:35] - Key not found: HKLM\...\Winlogon\Notify\vtsts, continuing.
[02/24/2007, 11:17:35] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/24/2007, 11:17:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:35] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/24/2007, 11:17:35] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/24/2007, 11:17:35] - BHO 5: {55EC5306-2DFC-B6BC-298C-09D820A8BFC5} ()
[02/24/2007, 11:17:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:35] - Checking for HKLM\...\Winlogon\Notify\ewodkub
[02/24/2007, 11:17:35] - Key not found: HKLM\...\Winlogon\Notify\ewodkub, continuing.
[02/24/2007, 11:17:35] - BHO 6: {668C4DB7-AE74-480F-9A23-65B2F47F5BCF} ()
[02/24/2007, 11:17:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:36] - Checking for HKLM\...\Winlogon\Notify\pmnlj
[02/24/2007, 11:17:36] - Key not found: HKLM\...\Winlogon\Notify\pmnlj, continuing.
[02/24/2007, 11:17:36] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/24/2007, 11:17:36] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/24/2007, 11:17:36] - BHO 9: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/24/2007, 11:17:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:36] - Checking for HKLM\...\Winlogon\Notify\euehdfdc
[02/24/2007, 11:17:36] - Key not found: HKLM\...\Winlogon\Notify\euehdfdc, continuing.
[02/24/2007, 11:17:36] - Finished Searching Browser Helper Objects
[02/24/2007, 11:17:36] - Finishing up...
[02/24/2007, 11:17:36] - Nothing found! Exiting...

[02/24/2007, 11:17:55] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\François\Bureau\VirtumundoBeGone.exe" )
[02/24/2007, 11:17:56] - Detected System Information:
[02/24/2007, 11:17:56] - Windows Version: 5.1.2600, Service Pack 1
[02/24/2007, 11:17:56] - Current Username: François (Admin)
[02/24/2007, 11:17:56] - Windows is in NORMAL mode.
[02/24/2007, 11:17:56] - Searching for Browser Helper Objects:
[02/24/2007, 11:17:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/24/2007, 11:17:56] - BHO 2: {1AE3FAAA-9BBF-FC32-D313-0528AF98848A} ()
[02/24/2007, 11:17:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:56] - Checking for HKLM\...\Winlogon\Notify\mvrlfwg
[02/24/2007, 11:17:56] - Key not found: HKLM\...\Winlogon\Notify\mvrlfwg, continuing.
[02/24/2007, 11:17:56] - BHO 3: {2103F793-9D46-4050-8242-F8BEA99FF000} ()
[02/24/2007, 11:17:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:56] - Checking for HKLM\...\Winlogon\Notify\vtsts
[02/24/2007, 11:17:56] - Key not found: HKLM\...\Winlogon\Notify\vtsts, continuing.
[02/24/2007, 11:17:56] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/24/2007, 11:17:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:56] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/24/2007, 11:17:56] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/24/2007, 11:17:56] - BHO 5: {55EC5306-2DFC-B6BC-298C-09D820A8BFC5} ()
[02/24/2007, 11:17:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:56] - Checking for HKLM\...\Winlogon\Notify\ewodkub
[02/24/2007, 11:17:57] - Key not found: HKLM\...\Winlogon\Notify\ewodkub, continuing.
[02/24/2007, 11:17:57] - BHO 6: {668C4DB7-AE74-480F-9A23-65B2F47F5BCF} ()
[02/24/2007, 11:17:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:57] - Checking for HKLM\...\Winlogon\Notify\pmnlj
[02/24/2007, 11:17:57] - Key not found: HKLM\...\Winlogon\Notify\pmnlj, continuing.
[02/24/2007, 11:17:57] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/24/2007, 11:17:57] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/24/2007, 11:17:57] - BHO 9: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/24/2007, 11:17:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 11:17:57] - Checking for HKLM\...\Winlogon\Notify\euehdfdc
[02/24/2007, 11:17:57] - Key not found: HKLM\...\Winlogon\Notify\euehdfdc, continuing.
[02/24/2007, 11:17:57] - Finished Searching Browser Helper Objects
[02/24/2007, 11:17:57] - Finishing up...
[02/24/2007, 11:17:57] - Nothing found! Exiting...
Logfile of HijackThis v1.99.1
Scan saved at 11:18:35, on 24/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast4\aswUpdSv.exe
E:\Avast4\ashServ.exe
E:\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
E:\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Avast4\ashDisp.exe
C:\WINDOWS\vVX3000.exe
E:\Avast4\ashMaiSv.exe
E:\AVG Anti-Spyware 7.5\avgas.exe
E:\Avast4\ashWebSv.exe
C:\WINDOWS\System32\rundll32.exe
E:\a-squared Free\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Adobe\Reader\Reader\reader_sl.exe
C:\Program Files\Wireless\Client Manager\CmAGS.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Mozilla firefox\firefox.exe
C:\Documents and Settings\François\Bureau\Antivirus\Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AE3FAAA-9BBF-FC32-D313-0528AF98848A} - C:\WINDOWS\System32\mvrlfwg.dll
O2 - BHO: (no name) - {2103F793-9D46-4050-8242-F8BEA99FF000} - C:\WINDOWS\System32\vtsts.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55EC5306-2DFC-B6BC-298C-09D820A8BFC5} - C:\WINDOWS\System32\ewodkub.dll
O2 - BHO: (no name) - {668C4DB7-AE74-480F-9A23-65B2F47F5BCF} - C:\WINDOWS\System32\pmnlj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\euehdfdc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [avast!] E:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S174.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [fuxlbfj.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\François\Local Settings\Application Data\fuxlbfj.dll",qrfvbwd
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "E:\a-squared Free\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvrob.dll,startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Adobe\Reader\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Adobe\Reader\Reader\reader_sl.exe
O4 - Global Startup: Wireless Client Manager.lnk = C:\Program Files\Wireless\Client Manager\CmAGS.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://delphframb.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ljjgefc - ljjgefc.dll (file missing)
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


On 24-02-2007 at 11:48 #

hi

update your pc via windowsupdate and install service pack 2

then

download then install ccleaner
ccleaner
careful: at the end of the installation leave only "add an icon on the desktop" checked
uncheck the other four boxes
once the program is installed double-click the ccleaner icon
run the cleaning
and run "fix errors"
Tutorial: How to use CCleaner

then

Download then install
AVG Anti-Spyware (AVG AS)
Once AVG AS is launched, click on "Update"
Restart in safe mode
Relaunch AVG Anti-Spyware (AVG AS) then choose the "Scan" tab
Then the "Settings" tab
Under the question "How to act?", click on "Recommended actions" and choose "Quarantine"
Click the "Scan" tab again then run a "Complete system scan"
If an infected file is detected at the end of the scan
Click on "Apply all actions"
copy and paste the report you get

see you

in addition to the avg report, post a new hijackthis log

[ This message was edited by fred841 on 24-02-2007 11:48 ]

On 24-02-2007 at 12:02 #

AVG, he already has it (= Ewido)

relaunch hijack
tick these lines and click fix checked


O2 - BHO: (no name) - {1AE3FAAA-9BBF-FC32-D313-0528AF98848A} - C:\WINDOWS\System32\mvrlfwg.dll
O2 - BHO: (no name) - {2103F793-9D46-4050-8242-F8BEA99FF000} - C:\WINDOWS\System32\vtsts.dll (file missing)
O2 - BHO: (no name) - {55EC5306-2DFC-B6BC-298C-09D820A8BFC5} - C:\WINDOWS\System32\ewodkub.dll
O2 - BHO: (no name) - {668C4DB7-AE74-480F-9A23-65B2F47F5BCF} - C:\WINDOWS\System32\pmnlj.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\euehdfdc.dll (file missing)
O4 - HKLM\..\Run: [fuxlbfj.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\François\Local Settings\Application Data\fuxlbfj.dll",qrfvbwd
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvrob.dll,startup
O20 - Winlogon Notify: ljjgefc - ljjgefc.dll (file missing)
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
----
Do

Start ==> Run ==> type: services.msc
In the table that opens look for: Boonty Games - BOONTY
Double-click it ==> in startup type ==> Disabled ==> below it
Stop
------
In hijack
= Open the misc tools section
= Delete a NT service
= paste this text in bold into the box: Boonty Games - BOONTY
= ok
= restart
------------
In hijack
= Open the misc tools section
= Delete a file on reboot
= paste this text in bold into the box: C:\WINDOWS\SYSTEM32\winexz32.dll
= ok
= restart
-------
delete, if present

mvrlfwg.dll ==> in C:\WINDOWS\System32
ewodkub.dll ==> in C:\WINDOWS\System32
and
with hidden files made visible
Start => My Computer => Tools => Folder Options => View
Tick = Show hidden files and folders

fuxlbfj.dll ==> in C:\Documents and Settings\François\Local Settings\Application Data\
------
redo a hijack
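The triage the helper above did by hand (nameless BHOs pointing at a DLL in System32, orphaned "(file missing)" keys, rundll32 autostarts that load a DLL from the user profile or an unlisted DLL, Winlogon Notify packages nobody recognises) can be written down as a checker over the raw HijackThis lines. The following Python script is an added example for this thread, not HijackThis code and not the helper's own tool. Its allowlists of legitimate entries (Spybot's SDHelper CLSID, NVIDIA's NvCpl.dll, the WRNotifier logon hook) are assumptions taken from the entries the helper left in place, and the sample input is a constructed subset of the second log above.

```python
"""Triage of HijackThis v1.99 O2 / O4 / O20 lines.

Added example for this thread; it is not HijackThis code and not the helper's
own tool. The allowlists are constructed from the log above (assumption: those
entries are the legitimate ones the helper left in place); on a real case each
DLL is confirmed by publisher signature and hash lookup before it is trusted.
"""
import re
from dataclasses import dataclass

# Constructed sample: eleven lines copied from the second HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AE3FAAA-9BBF-FC32-D313-0528AF98848A} - C:\WINDOWS\System32\mvrlfwg.dll
O2 - BHO: (no name) - {2103F793-9D46-4050-8242-F8BEA99FF000} - C:\WINDOWS\System32\vtsts.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [fuxlbfj.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\François\Local Settings\Application Data\fuxlbfj.dll",qrfvbwd
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvrob.dll,startup
O20 - Winlogon Notify: ljjgefc - ljjgefc.dll (file missing)
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Line grammars of the three HijackThis sections this triage covers.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# rundll32 <dll>,<export>, with or without quotes around the DLL path
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?,(?P<export>\S+)', re.IGNORECASE)

# Allowlists (constructed for this log). A nameless BHO, a rundll32-loaded DLL
# or a Notify package that is not listed here is treated as suspect.
KNOWN_BHO_CLSIDS = {"53707962-6F74-2D53-2644-206D7942484F"}   # Spybot S&D SDHelper.dll, ships nameless
KNOWN_RUNDLL_DLLS = {"nvcpl.dll"}                              # NVIDIA control panel loader
KNOWN_NOTIFY_KEYS = {"wrnotifier"}                             # WRNotifier, left in place by the helper
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\local settings\\", "\\application data\\")


@dataclass
class Finding:
    line: str
    reason: str


def triage_line(line: str):
    """Return the reasons a single HijackThis line is suspect (empty list if not)."""
    m = O2_RE.match(line)
    if m:
        if m["missing"]:
            return ["orphaned BHO key: DLL no longer on disk, remove the key"]
        if m["name"] == "(no name)" and m["clsid"].upper() not in KNOWN_BHO_CLSIDS:
            return [f"nameless BHO not on allowlist, loads {m['path']} into every IE process"]
        return []
    m = O4_RE.match(line)
    if m:
        r = RUNDLL_RE.search(m["cmd"])
        if not r:
            return []               # plain EXE autostart: not covered by this triage
        dll = r["dll"].lower()
        if any(marker in dll for marker in USER_PROFILE_MARKERS):
            return [f"rundll32 autostart loads a DLL from the user profile (export {r['export']})"]
        if dll.rsplit("\\", 1)[-1] not in KNOWN_RUNDLL_DLLS:
            return [f"rundll32 autostart loads an unlisted DLL: {dll}"]
        return []
    m = O20_RE.match(line)
    if m:
        if m["key"].lower() in KNOWN_NOTIFY_KEYS:
            return []
        why = "orphaned" if m["missing"] else "unlisted"
        return [f"{why} Winlogon Notify package '{m['key']}': code loaded into winlogon.exe at logon"]
    return []


def triage(log_text: str):
    """Run the triage over a whole log; Findings come back in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        for reason in triage_line(line):
            findings.append(Finding(line, reason))
    return findings


def fix_checked_list(log_text: str):
    """The exact lines to tick in HijackThis before clicking 'Fix checked'."""
    return list(dict.fromkeys(f.line for f in triage(log_text)))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"FLAG  {f.line}\n      -> {f.reason}")
```

Run it as a script and it prints the six sample lines to tick, with the reason for each; the Adobe, Spybot, Java, NVIDIA and WRNotifier entries pass. Two caveats worth keeping in mind: heuristics on how random a name looks (no vowels, long consonant runs) misfire on legitimate short names such as ssv.dll and NvCpl.dll, so the decision here rests on allowlists rather than on the look of the name; and a "(file missing)" O2 or O20 entry is a dead registry key that HijackThis removes cleanly, whereas a DLL that is present and loaded (winexz32.dll inside winlogon.exe, mvrlfwg.dll inside every IE process) cannot be deleted while it is mapped, which is why the helper uses "Delete a file on reboot" for it.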

On 24-02-2007 at 12:41 #

thanks for this help

here is the report

unfortunately I have to leave for work until tomorrow morning
we'll see then where things stand

thanks again

Logfile of HijackThis v1.99.1
Scan saved at 12:42:18, on 24/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast4\aswUpdSv.exe
E:\Avast4\ashServ.exe
E:\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
E:\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Avast4\ashDisp.exe
C:\WINDOWS\vVX3000.exe
E:\Mozilla firefox\firefox.exe
E:\AVG Anti-Spyware 7.5\avgas.exe
E:\Avast4\ashWebSv.exe
E:\Avast4\ashMaiSv.exe
E:\a-squared Free\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Adobe\Reader\Reader\reader_sl.exe
C:\Program Files\Wireless\Client Manager\CmAGS.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\François\Bureau\Antivirus\Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [avast!] E:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S174.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "E:\a-squared Free\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Adobe\Reader\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Adobe\Reader\Reader\reader_sl.exe
O4 - Global Startup: Wireless Client Manager.lnk = C:\Program Files\Wireless\Client Manager\CmAGS.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://delphframb.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


On 24-02-2007 at 13:49 #

relaunch hijack
tick and click fix checked for

O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing)
--------
you now have the same thing twice under 2 different names
so uninstall 1 of them
EWIDO
AVG anti-spy
for info, Ewido was bought by AVG, hence its change of name, but it's the same product
Unless otherwise stated, the content of the blog and forum is licensed under Creative Commons By-Sa. You may reproduce it provided you credit the author, link to the original page, and share your derivative works under the same terms.