The thread "Various problems (virus and computer startup)" is in the "Virus, trojans, etc." forum of Sur-la-Toile

Various problems (virus and computer startup)

On 11-07-2007 at 12:28 #


Hello everyone,

I am writing to find answers to several problems;
I hope you will be kind enough to reply.

First of all, I get a rundll32 error message: error loading yhrwqinm.dll

Then there is an error from the Wanadoo browser at startup (woobrowser error) and it does not connect, so I use Internet Explorer instead, but when there are links on the internet it sometimes launches and the error repeats, which prevents me from opening certain pages.

Finally I have Virtumonde and probably other viruses that persist despite Avast, CCleaner and Ewido.

Here is my HijackThis report; I don't know how to use it, but maybe it can help us:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:47:37, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rgqinsut.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\julien\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://porttest.emule-project.net/connectiontest.php?tcpport=4662&udpport=4672&lang=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: macc
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F952A63-F59C-484D-AF82-08ADF56B0EB0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hggghhf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {862EF27A-DEE4-436C-B68E-EA9650794439} - (no file)
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - (no file)
O2 - BHO: (no name) - {B8C57225-59DE-4286-B2CB-0F44277C4091} - C:\WINDOWS\system32\vturr.dll
O2 - BHO: (no name) - {C9D1DDCC-9450-43F1-94E7-48E3133B2852} - (no file)
O2 - BHO: (no name) - {F0153D18-D1AD-F17C-D8AE-A528912263B9} - (no file)
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [rgqinsut] "C:\WINDOWS\system32\rgqinsut.exe" -c
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://soft.trustincash.com/loader2.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: hggghhf - C:\WINDOWS\SYSTEM32\hggghhf.dll
O20 - Winlogon Notify: khfdbcb - khfdbcb.dll (file missing)
O20 - Winlogon Notify: rcocm - C:\WINDOWS\security\Database\rcocm.dll (file missing)
O20 - Winlogon Notify: vturr - C:\WINDOWS\system32\vturr.dll
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vengjdio.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 8873 bytes

Thanks in advance


On 11-07-2007 at 13:48 #

Hi,

Indeed, you have a Vundo infection.

So start by doing all of the following steps, in order. Don't skip anything!!

******************* VUNDOFIX *****************

Download to the Desktop: VundoFix

= Double-click VundoFix.exe.
= Click OK
= Wait for VundoFix to restart
= Click Scan for Vundo
= The scan is fairly long; at the end
= Click Remove Vundo
= Then Yes
= The Desktop disappears for a moment while the files are deleted.
= Shutdown message
= Click OK
= Automatic restart
Note: there may be several restarts
= The report is at C:\vundofix.txt

Post the VundoFix report


******************* VIRTUMONDOBEGONE *****************

Download to the desktop:
VirtumundoBeGone

= Double-click VirtumundoBeGone.exe
= Click Continue
= Click Start
= Click Yes
= At the end, if Vundo is present, the PC shuts down and restarts

If you get a blue screen with a "Fatal error" message, no problem

= Post the VBG.TXT report, which is on the desktop



************************** NAVILOG *************************

Download to the desktop: navilog1.exe

= Double-click navilog1 on the desktop
= Select F (for French)
= Press a key until you reach the options
= Choose option 1 (type 1)
Do not use the other options without advice; they may affect legitimate processes

The report is at C:\fixnavi.txt

Post this report



************************** CLEAN ***************************

Download clean to the desktop
Unzip it on the desktop.
= Open the clean folder
= Click the cog-wheel icon named clean
= Choose option 1 and let clean work until the text "press a key to continue" appears
= Copy and paste the report into your reply.



************************* HIJACKTHIS ***********************

Make a new HijackThis log and post that report



See you


Added on 11-07-2007 at 13:50:

At the same time I'm asking for your thread to be moved to the "virus" section rather than troubleshooting.

You'll have a better chance of getting your problem solved!!
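As an added example, not part of the thread and not code from HijackThis or any of the tools named above: a small Python triage script that applies to the O2/O4/O16/O20 lines of a HijackThis log the same check VirtumundoBeGone performs (a BHO with no default name whose DLL is also registered as a Winlogon Notify package), plus two review heuristics of my own for autoruns and DPF downloads. The sample lines are copied from the log posted above.

```python
"""Triage of HijackThis log lines for Vundo-style indicators.

Added example for this thread, not code from HijackThis, VundoFix or
VirtumundoBeGone.  It parses O2 (BHO), O4 (Run), O16 (DPF) and O20 (Winlogon
Notify) entries and applies the check VirtumundoBeGone itself reports: a BHO
with no default name whose DLL is also a Winlogon Notify package is a probable
Virtumundo component.  The autorun and DPF rules are my own review heuristics.
"""
import ntpath  # Windows path handling that also works on a Linux analysis box
import re

# Constructed sample: lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {3F952A63-F59C-484D-AF82-08ADF56B0EB0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hggghhf.dll
O2 - BHO: (no name) - {B8C57225-59DE-4286-B2CB-0F44277C4091} - C:\WINDOWS\system32\vturr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [rgqinsut] "C:\WINDOWS\system32\rgqinsut.exe" -c
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://soft.trustincash.com/loader2.exe
O20 - Winlogon Notify: hggghhf - C:\WINDOWS\SYSTEM32\hggghhf.dll
O20 - Winlogon Notify: khfdbcb - khfdbcb.dll (file missing)
O20 - Winlogon Notify: vturr - C:\WINDOWS\system32\vturr.dll
"""

LINE_RE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.*)$")
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
ENTRY_RE = {
    "O2": re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.*)$"),
    "O4": re.compile(r"^(?P<hive>HK.*?)\\Run: \[(?P<value>[^\]]+)\] (?P<command>.*)$"),
    "O16": re.compile(r"^DPF: (?P<clsid>" + GUID + r")(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$"),
    "O20": re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
}
# Image path at the start of an O4 command: optional quotes, then the first
# token ending in a program extension; whatever follows is arguments.
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|bat|cmd))"?(?:\s|$)', re.IGNORECASE)


def parse(log_text):
    """Group the recognised entries of a HijackThis log by line type."""
    entries = {kind: [] for kind in ENTRY_RE}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or line.group("kind") not in ENTRY_RE:
            continue
        entry = ENTRY_RE[line.group("kind")].match(line.group("body"))
        if entry:
            entries[line.group("kind")].append(entry.groupdict())
    return entries


def image_path(command):
    """Return the executable part of an O4 command, without quotes or arguments."""
    m = IMAGE_RE.match(command.strip())
    return m.group("path") if m else command.strip().split(" ")[0]


def triage(log_text):
    """Return (rule, identifier, detail) findings for one log."""
    e = parse(log_text)
    findings = []
    # Rule 1, the VirtumundoBeGone check: a nameless BHO whose DLL is also
    # loaded by Winlogon via a Notify package survives closing the browser and
    # is what the VBG report in this thread labels "probably Virtumundo".
    notify_dlls = {ntpath.basename(n["path"]).lower() for n in e["O20"]}
    for b in e["O2"]:
        dll = ntpath.basename(b["path"]).lower()
        if b["name"] == "(no name)" and dll in notify_dlls:
            findings.append(("probable-virtumundo", b["clsid"], dll))
        elif b["path"] == "(no file)":
            # Registry still points at a DLL that is gone: leftover of an
            # earlier removal, to be cleared and re-checked in the next log.
            findings.append(("orphan-bho", b["clsid"], ""))
    for n in e["O20"]:
        if "(file missing)" in n["path"]:
            findings.append(("orphan-notify", n["name"], ""))
    # Rule 2 (my heuristic, review only): an autorun whose value name is just
    # the executable's stem and whose image sits directly in system32 or in a
    # shared Application Data folder.  Legitimate entries such as ctfmon.exe
    # match too, so this asks a human to look; it does not decide.
    for r in e["O4"]:
        path = image_path(r["command"])
        exe = ntpath.basename(path).lower()
        parent = ntpath.dirname(path).lower()
        same_stem = r["value"].lower().rsplit(".", 1)[0] == exe.rsplit(".", 1)[0]
        if same_stem and parent.endswith(("\\system32", "\\application data")):
            findings.append(("review-autorun", r["value"], exe))
    # Rule 3 (my heuristic): a DPF entry that downloads a bare .exe instead of
    # a signed .cab, as the loader2.exe line in the log does.
    for d in e["O16"]:
        if d["url"].lower().endswith(".exe"):
            findings.append(("review-dpf", d["clsid"], d["url"]))
    return findings
```

Run `triage()` on the second HijackThis log posted after the cleanup and the two probable-virtumundo findings should be gone, leaving only the orphaned registry entries to clear.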

On 11-07-2007 at 19:31 #

I'll try; thank you very much scoob1 for replying, especially since you're the only one



Added on 11-07-2007 at 19:47:

Here are my reports:
vundo:
Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 19:31:43 11/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\bcuvliem.dll
C:\windows\system32\byaxmded.ini
C:\windows\system32\dedmxayb.dll
C:\WINDOWS\system32\iohhbrwu.dll
C:\WINDOWS\system32\jxqkxuwu.dll
C:\windows\system32\nnnljjh.dll
C:\windows\system32\vengjdio.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bcuvliem.dll
C:\WINDOWS\system32\bcuvliem.dll Has been deleted!

Attempting to delete C:\windows\system32\byaxmded.ini
C:\windows\system32\byaxmded.ini Has been deleted!

Attempting to delete C:\windows\system32\dedmxayb.dll
C:\windows\system32\dedmxayb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iohhbrwu.dll
C:\WINDOWS\system32\iohhbrwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jxqkxuwu.dll
C:\WINDOWS\system32\jxqkxuwu.dll Has been deleted!

Attempting to delete C:\windows\system32\nnnljjh.dll
C:\windows\system32\nnnljjh.dll Has been deleted!

Attempting to delete C:\windows\system32\vengjdio.exe
C:\windows\system32\vengjdio.exe Has been deleted!

Performing Repairs to the registry.
Done!

I had already run VirtumundoBeGone, so it gave me back this lunchtime's report
virtumonde:

[07/11/2007, 13:15:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\J864SYG0\VirtumundoBeGone[1].exe" )
[07/11/2007, 13:15:36] - Detected System Information:
[07/11/2007, 13:15:36] - Windows Version: 5.1.2600, Service Pack 2
[07/11/2007, 13:15:36] - Current Username: julien (Admin)
[07/11/2007, 13:15:36] - Windows is in NORMAL mode.
[07/11/2007, 13:15:36] - Searching for Browser Helper Objects:
[07/11/2007, 13:15:36] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/11/2007, 13:15:36] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/11/2007, 13:15:36] - BHO 3: {3F952A63-F59C-484D-AF82-08ADF56B0EB0} ()
[07/11/2007, 13:15:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:36] - No filename found. Continuing.
[07/11/2007, 13:15:36] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/11/2007, 13:15:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:36] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/11/2007, 13:15:36] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/11/2007, 13:15:36] - BHO 5: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[07/11/2007, 13:15:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:36] - Checking for HKLM\...\Winlogon\Notify\hggghhf
[07/11/2007, 13:15:36] - Found: HKLM\...\Winlogon\Notify\hggghhf - This is probably Virtumundo.
[07/11/2007, 13:15:36] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[07/11/2007, 13:15:36] - BHO list has been changed! Starting over...
[07/11/2007, 13:15:36] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/11/2007, 13:15:36] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/11/2007, 13:15:36] - BHO 3: {3F952A63-F59C-484D-AF82-08ADF56B0EB0} ()
[07/11/2007, 13:15:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:36] - No filename found. Continuing.
[07/11/2007, 13:15:36] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/11/2007, 13:15:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:36] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/11/2007, 13:15:36] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/11/2007, 13:15:36] - BHO 5: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[07/11/2007, 13:15:36] - ALERT: Found MSEvents Object!
[07/11/2007, 13:15:36] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2007, 13:15:36] - BHO 7: {862EF27A-DEE4-436C-B68E-EA9650794439} ()
[07/11/2007, 13:15:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:37] - No filename found. Continuing.
[07/11/2007, 13:15:37] - BHO 8: {B07CB267-5E6F-441F-9B3C-324EFE70F897} ()
[07/11/2007, 13:15:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:37] - No filename found. Continuing.
[07/11/2007, 13:15:37] - BHO 9: {B8C57225-59DE-4286-B2CB-0F44277C4091} ()
[07/11/2007, 13:15:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:37] - Checking for HKLM\...\Winlogon\Notify\vturr
[07/11/2007, 13:15:37] - Found: HKLM\...\Winlogon\Notify\vturr - This is probably Virtumundo.
[07/11/2007, 13:15:37] - Assigning {B8C57225-59DE-4286-B2CB-0F44277C4091} MSEvents Object
[07/11/2007, 13:15:37] - BHO list has been changed! Starting over...
[07/11/2007, 13:15:37] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/11/2007, 13:15:37] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/11/2007, 13:15:37] - BHO 3: {3F952A63-F59C-484D-AF82-08ADF56B0EB0} ()
[07/11/2007, 13:15:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:37] - No filename found. Continuing.
[07/11/2007, 13:15:37] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/11/2007, 13:15:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:37] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/11/2007, 13:15:37] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/11/2007, 13:15:37] - BHO 5: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[07/11/2007, 13:15:37] - ALERT: Found MSEvents Object!
[07/11/2007, 13:15:37] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2007, 13:15:37] - BHO 7: {862EF27A-DEE4-436C-B68E-EA9650794439} ()
[07/11/2007, 13:15:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:37] - No filename found. Continuing.
[07/11/2007, 13:15:37] - BHO 8: {B07CB267-5E6F-441F-9B3C-324EFE70F897} ()
[07/11/2007, 13:15:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:37] - No filename found. Continuing.
[07/11/2007, 13:15:37] - BHO 9: {B8C57225-59DE-4286-B2CB-0F44277C4091} (MSEvents Object)
[07/11/2007, 13:15:37] - ALERT: Found MSEvents Object!
[07/11/2007, 13:15:37] - BHO 10: {C9D1DDCC-9450-43F1-94E7-48E3133B2852} ()
[07/11/2007, 13:15:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:37] - No filename found. Continuing.
[07/11/2007, 13:15:37] - BHO 11: {F0153D18-D1AD-F17C-D8AE-A528912263B9} ()
[07/11/2007, 13:15:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:37] - No filename found. Continuing.
[07/11/2007, 13:15:37] - Finished Searching Browser Helper Objects
[07/11/2007, 13:15:37] - *** Detected MSEvents Object
[07/11/2007, 13:15:37] - Trying to remove MSEvents Object...
[07/11/2007, 13:15:38] - Terminating Process: IEXPLORE.EXE
[07/11/2007, 13:15:39] - Terminating Process: RUNDLL32.EXE
[07/11/2007, 13:15:40] - Disabling Automatic Shell Restart
[07/11/2007, 13:15:40] - Terminating Process: EXPLORER.EXE
[07/11/2007, 13:15:40] - Suspending the NT Session Manager System Service
[07/11/2007, 13:15:41] - Terminating Windows NT Logon/Logoff Manager
[07/11/2007, 13:15:41] - Re-enabling Automatic Shell Restart
[07/11/2007, 13:15:41] - File to disable: C:\WINDOWS\system32\hggghhf.dll
[07/11/2007, 13:15:41] - Renaming C:\WINDOWS\system32\hggghhf.dll -> C:\WINDOWS\system32\hggghhf.dll.vir
[07/11/2007, 13:15:42] - File successfully renamed!
[07/11/2007, 13:15:42] - Removing HKLM\...\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[07/11/2007, 13:15:42] - Removing HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[07/11/2007, 13:15:42] - Adding Kill Bit for ActiveX for GUID: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[07/11/2007, 13:15:42] - Deleting ATLEvents/MSEvents Registry entries
[07/11/2007, 13:15:42] - Removing HKLM\...\Winlogon\Notify\hggghhf
[07/11/2007, 13:15:42] - Searching for Browser Helper Objects:
[07/11/2007, 13:15:42] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/11/2007, 13:15:42] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/11/2007, 13:15:42] - BHO 3: {3F952A63-F59C-484D-AF82-08ADF56B0EB0} ()
[07/11/2007, 13:15:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:42] - No filename found. Continuing.
[07/11/2007, 13:15:42] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/11/2007, 13:15:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:42] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/11/2007, 13:15:42] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/11/2007, 13:15:42] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2007, 13:15:42] - BHO 6: {862EF27A-DEE4-436C-B68E-EA9650794439} ()
[07/11/2007, 13:15:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:42] - No filename found. Continuing.
[07/11/2007, 13:15:42] - BHO 7: {B07CB267-5E6F-441F-9B3C-324EFE70F897} ()
[07/11/2007, 13:15:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:42] - No filename found. Continuing.
[07/11/2007, 13:15:42] - BHO 8: {B8C57225-59DE-4286-B2CB-0F44277C4091} (MSEvents Object)
[07/11/2007, 13:15:42] - ALERT: Found MSEvents Object!
[07/11/2007, 13:15:42] - BHO 9: {C9D1DDCC-9450-43F1-94E7-48E3133B2852} ()
[07/11/2007, 13:15:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:42] - No filename found. Continuing.
[07/11/2007, 13:15:42] - BHO 10: {F0153D18-D1AD-F17C-D8AE-A528912263B9} ()
[07/11/2007, 13:15:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:42] - No filename found. Continuing.
[07/11/2007, 13:15:42] - Finished Searching Browser Helper Objects
[07/11/2007, 13:15:42] - *** Detected MSEvents Object
[07/11/2007, 13:15:42] - Trying to remove MSEvents Object...
[07/11/2007, 13:15:43] - Terminating Process: IEXPLORE.EXE
[07/11/2007, 13:15:44] - Terminating Process: RUNDLL32.EXE
[07/11/2007, 13:15:44] - Disabling Automatic Shell Restart
[07/11/2007, 13:15:44] - Terminating Process: EXPLORER.EXE
[07/11/2007, 13:15:44] - Suspending the NT Session Manager System Service
[07/11/2007, 13:15:44] - Terminating Windows NT Logon/Logoff Manager
[07/11/2007, 13:15:45] - Re-enabling Automatic Shell Restart
[07/11/2007, 13:15:45] - File to disable: C:\WINDOWS\system32\vturr.dll
[07/11/2007, 13:15:45] - Renaming C:\WINDOWS\system32\vturr.dll -> C:\WINDOWS\system32\vturr.dll.vir
[07/11/2007, 13:15:45] - File successfully renamed!
[07/11/2007, 13:15:45] - Removing HKLM\...\Browser Helper Objects\{B8C57225-59DE-4286-B2CB-0F44277C4091}
[07/11/2007, 13:15:45] - Removing HKCR\CLSID\{B8C57225-59DE-4286-B2CB-0F44277C4091}
[07/11/2007, 13:15:45] - Adding Kill Bit for ActiveX for GUID: {B8C57225-59DE-4286-B2CB-0F44277C4091}
[07/11/2007, 13:15:45] - Deleting ATLEvents/MSEvents Registry entries
[07/11/2007, 13:15:45] - Removing HKLM\...\Winlogon\Notify\vturr
[07/11/2007, 13:15:45] - Searching for Browser Helper Objects:
[07/11/2007, 13:15:45] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/11/2007, 13:15:45] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/11/2007, 13:15:45] - BHO 3: {3F952A63-F59C-484D-AF82-08ADF56B0EB0} ()
[07/11/2007, 13:15:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:45] - No filename found. Continuing.
[07/11/2007, 13:15:45] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/11/2007, 13:15:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:45] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/11/2007, 13:15:45] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/11/2007, 13:15:45] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2007, 13:15:45] - BHO 6: {862EF27A-DEE4-436C-B68E-EA9650794439} ()
[07/11/2007, 13:15:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:45] - No filename found. Continuing.
[07/11/2007, 13:15:45] - BHO 7: {B07CB267-5E6F-441F-9B3C-324EFE70F897} ()
[07/11/2007, 13:15:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:45] - No filename found. Continuing.
[07/11/2007, 13:15:45] - BHO 8: {C9D1DDCC-9450-43F1-94E7-48E3133B2852} ()
[07/11/2007, 13:15:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:45] - No filename found. Continuing.
[07/11/2007, 13:15:45] - BHO 9: {F0153D18-D1AD-F17C-D8AE-A528912263B9} ()
[07/11/2007, 13:15:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 13:15:45] - No filename found. Continuing.
[07/11/2007, 13:15:45] - Finished Searching Browser Helper Objects
[07/11/2007, 13:15:45] - Finishing up...
[07/11/2007, 13:15:45] - A restart is needed.
[07/11/2007, 13:15:47] - Attempting to Restart via STOP error (Blue Screen!)

[07/11/2007, 19:38:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\julien\Bureau\VirtumundoBeGone.exe" )
[07/11/2007, 19:38:45] - Detected System Information:
[07/11/2007, 19:38:45] - Windows Version: 5.1.2600, Service Pack 2
[07/11/2007, 19:38:45] - Current Username: julien (Admin)
[07/11/2007, 19:38:45] - Windows is in NORMAL mode.
[07/11/2007, 19:38:45] - Searching for Browser Helper Objects:
[07/11/2007, 19:38:45] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/11/2007, 19:38:45] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/11/2007, 19:38:45] - BHO 3: {3F952A63-F59C-484D-AF82-08ADF56B0EB0} ()
[07/11/2007, 19:38:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 19:38:45] - No filename found. Continuing.
[07/11/2007, 19:38:45] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/11/2007, 19:38:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 19:38:45] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/11/2007, 19:38:45] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/11/2007, 19:38:45] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2007, 19:38:45] - BHO 6: {862EF27A-DEE4-436C-B68E-EA9650794439} ()
[07/11/2007, 19:38:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 19:38:45] - No filename found. Continuing.
[07/11/2007, 19:38:45] - BHO 7: {B07CB267-5E6F-441F-9B3C-324EFE70F897} ()
[07/11/2007, 19:38:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 19:38:45] - No filename found. Continuing.
[07/11/2007, 19:38:45] - BHO 8: {C9D1DDCC-9450-43F1-94E7-48E3133B2852} ()
[07/11/2007, 19:38:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 19:38:45] - No filename found. Continuing.
[07/11/2007, 19:38:45] - BHO 9: {F0153D18-D1AD-F17C-D8AE-A528912263B9} ()
[07/11/2007, 19:38:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 19:38:45] - No filename found. Continuing.
[07/11/2007, 19:38:45] - Finished Searching Browser Helper Objects
[07/11/2007, 19:38:45] - Finishing up...
[07/11/2007, 19:38:45] - Nothing found! Exiting...

Navilog report:

Search Navipromo version 2.0.5 commencé le 11/07/2007 à 19:40:41,75

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\julien\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html

Fichier(s) caché(s) dans C:\WINDOWS\system32 :

c:\WINDOWS\system32\xnjpnk.dat
C:\windows\system32\xnjpnk.exe
c:\WINDOWS\system32\xnjpnk_nav.dat
c:\WINDOWS\system32\xnjpnk_navps.dat

Processus caché(s) dans C:\WINDOWS\system32 :

C:\windows\system32\xnjpnk.exe


*** Recherche fichiers ***


C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\rrutv.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\rrutv.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
C:\WINDOWS\system32\xnjpnk.dat trouvé !
**
C:\WINDOWS\system32\xnjpnk.dat trouvé !
***
****
C:\WINDOWS\system32\xnjpnk_navps.dat trouvé !
*****
******
*******
********
C:\WINDOWS\system32\shvkhowe.exe trouvé !

3)Recherche Certificats :


*** Analyse Terminé le 11/07/2007 à 19:44:52,50 ***


Clean report:

11/07/2007 a 19:46:28,03

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\keyboard*.dat FOUND
C:\WINDOWS\UnGins.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND
C:\WINDOWS\system32\kr_done1 FOUND
C:\WINDOWS\system32\mcrh.tmp FOUND
C:\WINDOWS\system32\ot.ico FOUND
C:\WINDOWS\system32\perfc000.dat FOUND
"C:\Documents and Settings\julien\Application Data\Dxcdmns.dll" FOUND
"C:\Documents and Settings\julien\Application Data\Dxcknwrd.dll" FOUND
"C:\Documents and Settings\julien\Application Data\Dxcuknwrd.dll" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !



HijackThis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:48:29, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rgqinsut.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\julien\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://porttest.emule-project.net/connectiontest.php?tcpport=4662&udpport=4672&lang=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: macc
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F952A63-F59C-484D-AF82-08ADF56B0EB0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {862EF27A-DEE4-436C-B68E-EA9650794439} - (no file)
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - (no file)
O2 - BHO: (no name) - {C9D1DDCC-9450-43F1-94E7-48E3133B2852} - (no file)
O2 - BHO: (no name) - {F0153D18-D1AD-F17C-D8AE-A528912263B9} - (no file)
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [rgqinsut] "C:\WINDOWS\system32\rgqinsut.exe" -c
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://soft.trustincash.com/loader2.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: khfdbcb - khfdbcb.dll (file missing)
O20 - Winlogon Notify: rcocm - C:\WINDOWS\security\Database\rcocm.dll (file missing)
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vengjdio.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 8482 bytes



[ This message was edited by: thesioux1 on 11-07-2007 19:48 ]

On 11-07-2007 at 19:51 #

Hi

= Restart in Safe Mode (startup may take several minutes)
Note: there is no internet access in this mode. Save or print these instructions. Restart the PC and tap the F8 key until the screen with the startup choices appears
Using the arrow keys, select Safe Mode ==> Enter ==> your usual user name


= Run clean.zip and choose option 2
= Run navilog1
= This time choose option 2
= Navilog will do the cleaning.. be patient until it shows *** Nettoyage Termine le ..... ***
= A report will be generated on your C:\ which will be in option 2
Note: the desktop disappears


= Restart in normal mode and paste the content of the navilog report (which is in option 2) + the clean.zip option 2 report

On 12-07-2007 at 13:12 #

clean report 2:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 12/07/2007 a 13:02:09,42

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:



*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\keyboard*.dat
tentative de suppression de C:\WINDOWS\UnGins.exe

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\bdod.bin
tentative de suppression de C:\WINDOWS\system32\kr_done1
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
tentative de suppression de C:\WINDOWS\system32\ot.ico
tentative de suppression de C:\WINDOWS\system32\perfc000.dat
Impossible de supprimer C:\WINDOWS\system32\perfc000.dat
tentative de suppression de "C:\Documents and Settings\julien\Application Data\Dxcdmns.dll"
tentative de suppression de "C:\Documents and Settings\julien\Application Data\Dxcknwrd.dll"
tentative de suppression de "C:\Documents and Settings\julien\Application Data\Dxcuknwrd.dll"

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !


navilog report 2:

Clean Navipromo version 2.0.5 commencé le 12/07/2007 à 13:04:19,28

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight


*** Creation backups fichiers trouvés par Blacklight ***

Copie vers "C:\Program Files\navilog1\Backupnavi"


*** Suppression des fichiers trouvés avec Blacklight ***

c:\WINDOWS\system32\xnjpnk.dat supprimé !
C:\windows\system32\xnjpnk.exe supprimé !
c:\WINDOWS\system32\xnjpnk_nav.dat supprimé !
c:\WINDOWS\system32\xnjpnk_navps.dat supprimé !

** 2ème passage **

C:\WINDOWS\system32\xnjpnk.exe absent !
C:\WINDOWS\system32\xnjpnk.dat absent !
C:\WINDOWS\system32\xnjpnk_nav.dat absent !
C:\WINDOWS\system32\xnjpnk_navps.dat absent !
C:\WINDOWS\system32\xnjpnk_navup.dat absent !
C:\WINDOWS\system32\xnjpnk_navtmp.dat absent !
C:\WINDOWS\system32\xnjpnk_m2s.xml absent !


C:\WINDOWS\prefetch\xnjpnk*.pf trouvé !
Copie C:\WINDOWS\prefetch\xnjpnk*.pf réalise avec succes !
C:\WINDOWS\prefetch\xnjpnk*.pf supprimé !

*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\julien\Application Data ***



*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\julien\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

Thanks to everyone who is helping me
Thanks lolo

However, the other problems I mentioned are not solved, if you have a solution

[ This message was edited by: thesioux1 on 12-07-2007 13:15 ]

On 12-07-2007 at 19:26 #

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:26:05, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rgqinsut.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\julien\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://porttest.emule-project.net/connectiontest.php?tcpport=4662&udpport=4672&lang=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: macc
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F952A63-F59C-484D-AF82-08ADF56B0EB0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {862EF27A-DEE4-436C-B68E-EA9650794439} - (no file)
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - (no file)
O2 - BHO: (no name) - {C9D1DDCC-9450-43F1-94E7-48E3133B2852} - (no file)
O2 - BHO: (no name) - {F0153D18-D1AD-F17C-D8AE-A528912263B9} - (no file)
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [rgqinsut] "C:\WINDOWS\system32\rgqinsut.exe" -c
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://soft.trustincash.com/loader2.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: khfdbcb - khfdbcb.dll (file missing)
O20 - Winlogon Notify: rcocm - C:\WINDOWS\security\Database\rcocm.dll (file missing)
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vengjdio.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 9006 bytes


sorry for the response time but I'm working lol

On 12-07-2007 at 19:48 #

relaunch HijackThis and fix the lines


O20 - Winlogon Notify: khfdbcb - khfdbcb.dll (file missing)
O20 - Winlogon Notify: rcocm - C:\WINDOWS\security\Database\rcocm.dll (file missing)
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)

then post a new HijackThis log

On 14-07-2007 at 12:25 #

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:24:45, on 14/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rgqinsut.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\julien\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://porttest.emule-project.net/connectiontest.php?tcpport=4662&udpport=4672&lang=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: macc
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F952A63-F59C-484D-AF82-08ADF56B0EB0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {862EF27A-DEE4-436C-B68E-EA9650794439} - (no file)
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - (no file)
O2 - BHO: (no name) - {C9D1DDCC-9450-43F1-94E7-48E3133B2852} - (no file)
O2 - BHO: (no name) - {F0153D18-D1AD-F17C-D8AE-A528912263B9} - (no file)
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [rgqinsut] "C:\WINDOWS\system32\rgqinsut.exe" -c
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://soft.trustincash.com/loader2.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vengjdio.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 8404 bytes


Done, thanks

On 14-07-2007 at 12:28 #

Hi.
there are still infections!

rename HijackThis to test.exe and redo a report.
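As an added example (not code from the thread, nor from HijackThis, clean.zip or navilog), here is a small Python triage script for the kind of HijackThis entries the helper is pointing at in this post and in the earlier "fix the lines" post: orphaned Winlogon Notify hooks marked "(file missing)", an AppInit_DLLs autoload, Run keys launching random-named binaries from system32 or a user-writable Application Data folder, a DPF (ActiveX) entry that fetches an .exe, and a service whose binary is missing. The sample lines are copied from the logs posted in this thread; the heuristics, the 8-letter "random name" rule and the small allowlist are this example's own assumptions, not rules from any of the tools.

```python
"""Flag suspicious HijackThis entries (added example, not part of the thread).

Applies a few defender-side heuristics to HijackThis-style lines.  The
thresholds (8 lowercase letters = random-looking name, the KNOWN_RUN
allowlist) are assumptions made for this example.
"""
import re

# Lines copied from the HijackThis log posted in the thread, plus two benign
# entries from the same log to show the heuristics do not fire on everything.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [rgqinsut] "C:\WINDOWS\system32\rgqinsut.exe" -c
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://soft.trustincash.com/loader2.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: khfdbcb - khfdbcb.dll (file missing)
O20 - Winlogon Notify: rcocm - C:\WINDOWS\security\Database\rcocm.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vengjdio.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption for this example: an 8-letter lowercase executable name with no
# vendor prefix is "random-looking" (rgqinsut.exe, ypwfkzup.exe in the log).
RANDOM_NAME = re.compile(r"^[a-z]{8}\.exe$", re.IGNORECASE)
# Constructed allowlist of Run entries already identified as legitimate.
KNOWN_RUN = {"ctfmon.exe", "ashdisp.exe"}


def parse_line(line):
    """Split 'O4 - rest' into (section, rest); return None for non-entries."""
    m = re.match(r"^(R\d|O\d+)\s+-\s+(.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def flag(line):
    """Return a short reason if the entry merits a second look, else None."""
    parsed = parse_line(line)
    if not parsed:
        return None
    section, rest = parsed
    if section == "O4":
        # Pull the launched binary's path out of '[name] "path" args'.
        m = re.search(r'\[[^\]]+\]\s+"?(.*?\.exe)', rest, re.IGNORECASE)
        if not m:
            return None
        path = m.group(1)
        name = path.split("\\")[-1].lower()
        if name in KNOWN_RUN:
            return None
        if "\\application data\\" in path.lower():
            return "Run key launches a binary from a user-writable Application Data folder"
        if RANDOM_NAME.match(name):
            return "Run key launches a binary with a random-looking 8-letter name"
        return None
    if section == "O16" and rest.lower().endswith(".exe"):
        return "ActiveX (DPF) entry downloads an executable"
    if section == "O20":
        if rest.startswith("AppInit_DLLs:") and rest.split(":", 1)[1].strip():
            return "AppInit_DLLs loads a module into every process"
        if rest.startswith("Winlogon Notify:") and "(file missing)" in rest:
            return "orphaned Winlogon Notify hook (file missing)"
        return None
    if section == "O23" and "Unknown owner" in rest and "(file missing)" in rest:
        return "service with unknown owner whose binary is missing"
    return None


def triage(log_text):
    """Return [(line, reason)] for every flagged entry, in log order."""
    out = []
    for line in log_text.splitlines():
        reason = flag(line)
        if reason:
            out.append((line.strip(), reason))
    return out


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the sample, the script flags seven entries and leaves the avast and ctfmon lines alone; the many Microsoft services listed as "Unknown owner" in the thread's log are also left alone because their binaries are present, which is why the O23 rule requires both conditions.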
