The thread "Encore et toujours ces sales pubs ..." (Still these nasty ads ...) is in the "Virus, troyens, etc..." (Viruses, trojans, etc.) forum.

Still these nasty ads ...

On 17-03-2007 at 23:24 #

OK, I'm getting nasty ads, like fake anti-virus ones saying I've been on "illegal" sites or sites that could ruin my career or my marriage... and that urge me to download their anti-spyware. As the FAQ topic says, here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 23:22:39, on 17/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\v6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Steam\Steam.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {010FF400-8DFB-439D-987B-DCDE5195F4D8} - C:\WINDOWS\system32\ssqnmki.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29FA8E23-F38C-1808-EA3C-09EAA30ED937} - C:\WINDOWS\system32\xvprhql.dll
O2 - BHO: (no name) - {31D512C7-CB23-4F21-9E9F-47C852078D00} - C:\WINDOWS\system32\nlbaevlm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3D272EA-7E17-4711-A7F8-2B0B148F989B} - C:\WINDOWS\system32\pmnnnkh.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\jfkfprfw.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\qughgtdt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FA7DE12A-3D05-4397-B505-B5F85C977646} - C:\WINDOWS\system32\pmkhg.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ybmdnpex.dll",setvm
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\svch0.dll
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O20 - Winlogon Notify: pmnnnkh - C:\WINDOWS\SYSTEM32\pmnnnkh.dll
O20 - Winlogon Notify: ssqnmki - C:\WINDOWS\SYSTEM32\ssqnmki.dll
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll
O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks

On 17-03-2007 at 23:28 #

hi

I'll be quick lol

download Spybot >> updates >> immunize >> scan and delete what it finds

restart your computer

download Ad-Aware >> updates >> scan and delete what it finds

restart your computer

download Dr.Web >> scan and delete what it finds

download AVG Anti-Spyware >> updates >> scan and choose Delete for what it finds.

if Delete doesn't work, choose Quarantine

restart your computer

download CCleaner (tick all the lines)

restart your PC

and finally:

download HijackThis, save it to your DESKTOP and rename it test.exe

open it >> do a system scan and a logfile >> after about 5 seconds Notepad opens and you copy/paste the results here.

PS: >> don't forget to disable your antivirus between each scan!

>> one scan at a time: otherwise there is a risk of conflicts and problems

>> restart your PC between each scan!

>> The software links come from www.01net.com/telecharger

good luck

++

On 17-03-2007 at 23:40 #

good evening everyone,
I see a big Vundo infection!!!!!!!!!!
Tiago, do the following:
Download VundoFix.exe (by Atribune) to your Desktop.
VundoFix
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button to start the scan.
When the scan is finished, click the Remove Vundo button.
A message will appear asking to confirm deletion of the files, click Yes.
Then a message asking to restart your PC will appear, click OK.
copy/paste the report (C:\vundofix.txt)
along with a new HijackThis log
later

On 17-03-2007 at 23:42 #

Hi tiago
Don't do what thegame asks; he isn't targeting the infection, he's just making you run a maximum of utilities in the hope of getting rid of the trojan.

****

This line is the sign of a Safety Bar infection:
O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll

Safety Bar is an adware that installs along with:

* An Italian dialer: Dialer.DG/Win32:dialer-520/Win32:dialer-521
* A Vundo/Virtumonde-type infection: Virtumonde / Msevents / Trojan.vundo, which shows popups for the rogues WinAntivirus Pro, System Doctor etc.

It's late, so I'm giving you a link with all the details of a very good cleaning procedure, to be followed to the letter:

clique ici © malekal

Do all of it, and post a new HijackThis log.

bye





On 17-03-2007 at 23:45 #

hi gros sabots

I'm telling him to do that to reduce the HijackThis log analysis and maybe be able to erase some traces of the infection!

On 18-03-2007 at 00:14 #

VundoFix report:

VundoFix V6.3.16

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Scan started at 23:57:52 17/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\alnhcxkj.exe
C:\WINDOWS\system32\apugqyhw.exe
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\bkxgmnic.exe
C:\WINDOWS\system32\bpfmgxlm.ini
C:\WINDOWS\system32\byxvsss.dll
C:\WINDOWS\system32\byxyvvu.dll
C:\WINDOWS\system32\cigiypwv.exe
C:\WINDOWS\system32\cijnhbdi.exe
C:\WINDOWS\system32\cxtujojo.exe
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\dnyjjeex.exe
C:\WINDOWS\system32\doyxgxdl.exe
C:\WINDOWS\system32\dupsooau.exe
C:\WINDOWS\system32\eaijaiya.exe
C:\WINDOWS\system32\eeynsfnm.exe
C:\WINDOWS\system32\efcaabb.dll
C:\WINDOWS\system32\eonnvasn.exe
C:\WINDOWS\system32\ereommoy.exe
C:\WINDOWS\system32\evtsuxlc.exe
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak2
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ibjngjrr.exe
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.bak2
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\itnvinmo.exe
C:\WINDOWS\system32\jfkfprfw.dll
C:\WINDOWS\system32\juwucjed.exe
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\knooqusk.exe
C:\WINDOWS\system32\kpcuwrfi.exe
C:\WINDOWS\system32\kxytddih.exe
C:\WINDOWS\system32\lrhsdqcj.exe
C:\WINDOWS\system32\mhupwcss.exe
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mlxgmfpb.dll
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\nbpcrayb.exe
C:\WINDOWS\system32\oadbinqr.exe
C:\WINDOWS\system32\onnvasnj.exe
C:\WINDOWS\system32\oqlmisbe.exe
C:\WINDOWS\system32\peisqklb.exe
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmnkooiv.exe
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnnkh.dll
C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\pqstv.bak2
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pvaekhai.exe
C:\WINDOWS\system32\pybrwani.exe
C:\WINDOWS\system32\qasokpcx.exe
C:\WINDOWS\system32\qbadxovf.exe
C:\WINDOWS\system32\qcjeqxeg.exe
C:\WINDOWS\system32\qowdgnjv.exe
C:\WINDOWS\system32\qughgtdt.dll
C:\WINDOWS\system32\rfcdopdc.exe
C:\WINDOWS\system32\rijrdges.exe
C:\WINDOWS\system32\rikhnxbm.exe
C:\WINDOWS\system32\rqrrrop.dll
C:\WINDOWS\system32\rxgsswnj.exe
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\ssqnmki.dll
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\uchlgypm.dll
C:\WINDOWS\system32\uilftiyo.exe
C:\WINDOWS\system32\uqgfxvtd.exe
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uwunjwtc.exe
C:\WINDOWS\system32\varmxoqv.exe
C:\WINDOWS\system32\vbjnawpk.exe
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\walnarau.exe
C:\WINDOWS\system32\wbrdiuor.exe
C:\WINDOWS\system32\wgkexeaw.exe
C:\WINDOWS\system32\winhab32.dll
C:\WINDOWS\system32\wvuutqq.dll
C:\WINDOWS\system32\xrbnlujg.exe
C:\WINDOWS\system32\yqtoocpa.exe
C:\WINDOWS\system32\yrbsaqtl.exe
C:\WINDOWS\system32\yuutuged.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\alnhcxkj.exe
C:\WINDOWS\system32\alnhcxkj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\apugqyhw.exe
C:\WINDOWS\system32\apugqyhw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bkxgmnic.exe
C:\WINDOWS\system32\bkxgmnic.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\bpfmgxlm.ini
C:\WINDOWS\system32\bpfmgxlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvsss.dll
C:\WINDOWS\system32\byxvsss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxyvvu.dll
C:\WINDOWS\system32\byxyvvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cigiypwv.exe
C:\WINDOWS\system32\cigiypwv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cijnhbdi.exe
C:\WINDOWS\system32\cijnhbdi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cxtujojo.exe
C:\WINDOWS\system32\cxtujojo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\ddaba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dnyjjeex.exe
C:\WINDOWS\system32\dnyjjeex.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\doyxgxdl.exe
C:\WINDOWS\system32\doyxgxdl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\dupsooau.exe
C:\WINDOWS\system32\dupsooau.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\eaijaiya.exe
C:\WINDOWS\system32\eaijaiya.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\eeynsfnm.exe
C:\WINDOWS\system32\eeynsfnm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcaabb.dll
C:\WINDOWS\system32\efcaabb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eonnvasn.exe
C:\WINDOWS\system32\eonnvasn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ereommoy.exe
C:\WINDOWS\system32\ereommoy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\evtsuxlc.exe
C:\WINDOWS\system32\evtsuxlc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjlm.tmp
C:\WINDOWS\system32\fgjlm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghkmp.bak2
C:\WINDOWS\system32\ghkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ibjngjrr.exe
C:\WINDOWS\system32\ibjngjrr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkmp.bak2
C:\WINDOWS\system32\ijkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\itnvinmo.exe
C:\WINDOWS\system32\itnvinmo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\juwucjed.exe
C:\WINDOWS\system32\juwucjed.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\knooqusk.exe
C:\WINDOWS\system32\knooqusk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kpcuwrfi.exe
C:\WINDOWS\system32\kpcuwrfi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kxytddih.exe
C:\WINDOWS\system32\kxytddih.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lrhsdqcj.exe
C:\WINDOWS\system32\lrhsdqcj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mhupwcss.exe
C:\WINDOWS\system32\mhupwcss.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlxgmfpb.dll
C:\WINDOWS\system32\mlxgmfpb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nbpcrayb.exe
C:\WINDOWS\system32\nbpcrayb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\oadbinqr.exe
C:\WINDOWS\system32\oadbinqr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\onnvasnj.exe
C:\WINDOWS\system32\onnvasnj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqlmisbe.exe
C:\WINDOWS\system32\oqlmisbe.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\peisqklb.exe
C:\WINDOWS\system32\peisqklb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnkooiv.exe
C:\WINDOWS\system32\pmnkooiv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pmnlk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnnkh.dll
C:\WINDOWS\system32\pmnnnkh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\pqstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.bak2
C:\WINDOWS\system32\pqstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pvaekhai.exe
C:\WINDOWS\system32\pvaekhai.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pybrwani.exe
C:\WINDOWS\system32\pybrwani.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qasokpcx.exe
C:\WINDOWS\system32\qasokpcx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qbadxovf.exe
C:\WINDOWS\system32\qbadxovf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qcjeqxeg.exe
C:\WINDOWS\system32\qcjeqxeg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qowdgnjv.exe
C:\WINDOWS\system32\qowdgnjv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rfcdopdc.exe
C:\WINDOWS\system32\rfcdopdc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rijrdges.exe
C:\WINDOWS\system32\rijrdges.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rikhnxbm.exe
C:\WINDOWS\system32\rikhnxbm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrrrop.dll
C:\WINDOWS\system32\rqrrrop.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rxgsswnj.exe
C:\WINDOWS\system32\rxgsswnj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnmki.dll
C:\WINDOWS\system32\ssqnmki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ssqrs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uchlgypm.dll
C:\WINDOWS\system32\uchlgypm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uilftiyo.exe
C:\WINDOWS\system32\uilftiyo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uqgfxvtd.exe
C:\WINDOWS\system32\uqgfxvtd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\uwunjwtc.exe
C:\WINDOWS\system32\uwunjwtc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\varmxoqv.exe
C:\WINDOWS\system32\varmxoqv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vbjnawpk.exe
C:\WINDOWS\system32\vbjnawpk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\walnarau.exe
C:\WINDOWS\system32\walnarau.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wbrdiuor.exe
C:\WINDOWS\system32\wbrdiuor.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wgkexeaw.exe
C:\WINDOWS\system32\wgkexeaw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\winhab32.dll
C:\WINDOWS\system32\winhab32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuutqq.dll
C:\WINDOWS\system32\wvuutqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xrbnlujg.exe
C:\WINDOWS\system32\xrbnlujg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yqtoocpa.exe
C:\WINDOWS\system32\yqtoocpa.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yrbsaqtl.exe
C:\WINDOWS\system32\yrbsaqtl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yuutuged.exe
C:\WINDOWS\system32\yuutuged.exe Has been deleted!

Performing Repairs to the registry.
Done!

and HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 00:16:31, on 18/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Steam\Steam.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29FA8E23-F38C-1808-EA3C-09EAA30ED937} - C:\WINDOWS\system32\xvprhql.dll (file missing)
O2 - BHO: (no name) - {31D512C7-CB23-4F21-9E9F-47C852078D00} - C:\WINDOWS\system32\nlbaevlm.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3D272EA-7E17-4711-A7F8-2B0B148F989B} - C:\WINDOWS\system32\pmnnnkh.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FA7DE12A-3D05-4397-B505-B5F85C977646} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ybmdnpex.dll",setvm
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\svch0.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


On 18-03-2007 at 09:39 #

relaunch HijackThis
tick these lines then click: Fix checked

O2 - BHO: (no name) - {29FA8E23-F38C-1808-EA3C-09EAA30ED937} - C:\WINDOWS\system32\xvprhql.dll (file missing)
O2 - BHO: (no name) - {31D512C7-CB23-4F21-9E9F-47C852078D00} - C:\WINDOWS\system32\nlbaevlm.dll (file missing)
O2 - BHO: (no name) - {A3D272EA-7E17-4711-A7F8-2B0B148F989B} - C:\WINDOWS\system32\pmnnnkh.dll (file missing)
O2 - BHO: (no name) - {FA7DE12A-3D05-4397-B505-B5F85C977646} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ybmdnpex.dll",setvm
O20 - AppInit_DLLs: C:\WINDOWS\system32\svch0.dll
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe

-----------------

delete if present

v6.exe ==> in C:\WINDOWS\system32
ybmdnpex.dll ==> in C:\WINDOWS\system32
svch0.dll ==> in C:\WINDOWS\system32
-----------
Do:
Start ==> Run ==> type: services.msc
In the table that opens, look for: Microsoft security update service (msupdate)
Double-click it ==> in Startup type ==> Disabled ==> below that
Stop

In HijackThis
= Tools section
= Delete an NT service
= paste this text in bold into the box: Microsoft security update service (msupdate)
= OK
if an error message appears, no problem
= restart
------------
post a new HijackThis log
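As an added example (not code from this thread, from HijackThis or from VundoFix), here is a small Python triage script that applies the reasoning the helpers used above when reading the two logs: it flags unnamed BHOs and O20 Winlogon Notify / AppInit_DLLs hooks loading random-name DLLs from system32, autoruns launching system32 files (directly or via rundll32), and vendor-less services, and it correlates a DLL that appears in more than one section, as pmkhg.dll does in the first log. The sample lines are copied from the logs posted in the thread; the short known-good list and the severity names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entries copied from the two HijackThis logs posted above.
SAMPLE_LOG = [
    r"O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {010FF400-8DFB-439D-987B-DCDE5195F4D8} - C:\WINDOWS\system32\ssqnmki.dll",
    r"O2 - BHO: (no name) - {29FA8E23-F38C-1808-EA3C-09EAA30ED937} - C:\WINDOWS\system32\xvprhql.dll (file missing)",
    r"O2 - BHO: (no name) - {FA7DE12A-3D05-4397-B505-B5F85C977646} - C:\WINDOWS\system32\pmkhg.dll",
    r"O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe",
    r'O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ybmdnpex.dll",setvm',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\svch0.dll",
    r"O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll",
    r"O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll",
    r"O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe",
    r"O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe",
]

# Assumption of this example: legitimate Windows binaries that normally autorun from system32.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}

# "O2 - BHO: ..." / "R0 - ..." -> (section, rest of the line)
ENTRY = re.compile(r"^(O\d+|R\d) - (.*)$")
# First file referenced under a system32 directory; stops at whitespace or a closing quote,
# so a trailing "(file missing)" or ",setvm" is not swallowed into the name.
SYSTEM32 = re.compile(r"\\(?:windows\\)?system32\\([^\s\"]+)", re.IGNORECASE)


def file_in_system32(text):
    """Return the lower-cased file name loaded from system32, or None."""
    m = SYSTEM32.search(text)
    return m.group(1).lower() if m else None


def triage_line(line):
    """Classify one HijackThis entry. Returns (severity, reason) or None if nothing stands out."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    missing = "(file missing)" in body
    fname = file_in_system32(body)

    # Unnamed BHO whose DLL lives in system32: the classic Vundo/Virtumonde pattern.
    if section == "O2" and body.startswith("BHO: (no name)") and fname:
        if missing:
            return ("low", "orphaned unnamed BHO, file already gone; safe to fix")
        return ("high", f"unnamed BHO loading {fname} from system32")

    # Winlogon Notify / AppInit_DLLs hooks load into every process or at logon: persistence.
    if section == "O20":
        hook = body.split(":")[0]
        return ("high", f"{hook} hook loading {fname or 'a DLL'}")

    # Autorun of an unknown system32 file, directly or via rundll32 (the 2chkdsk entry above).
    if section == "O4" and fname and fname not in KNOWN_SYSTEM32_AUTORUNS:
        how = "via rundll32" if "rundll32" in body.lower() else "directly"
        return ("high", f"autorun launches {fname} from system32 {how}")

    # A service with no vendor string running from system32 deserves a look (msupdate above).
    if section == "O23" and "Unknown owner" in body and fname:
        return ("review", f"vendor-less service running {fname} from system32")

    return None


def triage_log(lines):
    """Triage every entry and report DLLs that show up in more than one section."""
    findings = []
    sections_by_file = defaultdict(set)
    for line in lines:
        m = ENTRY.match(line.strip())
        fname = file_in_system32(line)
        if m and fname:
            sections_by_file[fname].add(m.group(1))
        verdict = triage_line(line)
        if verdict:
            findings.append((verdict[0], line.strip(), verdict[1]))
    # The same file registered as a BHO and as a Winlogon hook is a strong sign of one infection.
    correlated = {f for f, secs in sections_by_file.items() if len(secs) > 1}
    return findings, correlated


def summarize(findings):
    """Count findings per severity."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    found, multi = triage_log(SAMPLE_LOG)
    for severity, entry, reason in found:
        print(f"[{severity:6}] {reason}\n         {entry}")
    print("seen in several sections:", sorted(multi))
```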