[Solved] Spyware detected

Tags: Windows Genuine Advantage, Security
Posted in: Security and viruses
1 October 2007 00:33:48

Hi pros, for a little while now I have had windows opening while I browse the internet; they are empty windows called "Spyware detected" ("Espiogiciel detecté") and a few others I don't really remember...

Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:35, on 2007-09-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\René et Sandra\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.canoe.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\juxuckgg.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Backyard Hockey 2005 Registration.lnk = ?
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TONKA® Construction 2 Registration.lnk = F:\Construction2.exe
O4 - Startup: TONKA® Power Tools Registration.lnk = F:\PowerTools.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ckrdicbg.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8530 bytes

I hope you will be able to help me, thanks in advance.


1 October 2007 11:52:45

Hello


Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool starts again, click the Scan for Vundo button.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES.
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down; click OK.

Restart your PC.

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch itself at the next reboot; simply follow the instructions above again, starting from "click the Scan for Vundo button".


Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report into your next reply, along with a fresh HijackThis log and the contents of the report located at C:\vundofix.txt
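An added example, not part of the thread and not one of the tools recommended above: a small Python triage script that applies the pattern the logs in this thread illustrate to HijackThis output. The indicators it looks for are random 5-8 lowercase-letter file names in system32, rundll32 loading such a DLL with a lowercase export, "(no name)" BHOs, non-standard Winlogon Notify packages, "Unknown owner" services whose binary is missing, and a machine-wide (HKLM) IE start page pointing off microsoft.com. The heuristics are the editor's assumptions, not HijackThis features, and the sample log is constructed from lines in the shape of those posted here.

```python
"""Triage a HijackThis log for the Vundo/Virtumonde indicators seen in this thread.

Heuristics (assumptions, not HijackThis features): Vundo dropped DLLs/EXEs in
system32 under random 5-8 lowercase-letter names, loaded them through rundll32
with a lowercase export, registered them as unnamed BHOs and Winlogon Notify
packages, and left an orphaned service behind.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

RANDOM_STEM = re.compile(r"^[a-z]{5,8}$")    # juxuckgg, awtqo, nnnlijg, ckrdicbg
LOWER_EXPORT = re.compile(r"^[a-z]{4,12}$")  # sitypnow; vendor exports are CamelCase
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.I)
MISSING = "(file missing)"

O4_RUNDLL = re.compile(
    r'^O4 - .*rundll32(?:\.exe)?"?\s+"?(?P<path>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<file>.*)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
R0_HKLM_START = re.compile(r"^R0 - HKLM\\.*Start Page = (?P<url>\S+)$")

# Constructed sample in the shape of the HijackThis logs posted in this thread:
# four Vundo entries, two cleanup items, three benign vendor entries for contrast.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B18AAE3-09E5-44D2-9316-75702E55F6DF} - C:\WINDOWS\system32\awtqo.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\juxuckgg.dll",sitypnow
O20 - Winlogon Notify: nnnlijg - nnnlijg.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ckrdicbg.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass(frozen=True)
class Finding:
    line: str
    severity: str   # "high" = matches the Vundo pattern, "low" = cleanup / verify only
    reason: str


def _stem(path: str) -> str:
    """File name without extension, ignoring HijackThis' '(file missing)' suffix."""
    return PureWindowsPath(path.replace(MISSING, "").strip().strip('"')).stem


def _is_random_system32(path: str) -> bool:
    return bool(SYSTEM32.search(path)) and bool(RANDOM_STEM.match(_stem(path)))


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RUNDLL.match(line):
            if _is_random_system32(m["path"]) and LOWER_EXPORT.match(m["export"]):
                findings.append(Finding(line, "high",
                    "rundll32 loads a random-named system32 DLL with a lowercase export"))
        elif m := O2_BHO.match(line):
            if m["name"] == "(no name)" and m["path"] == "(no file)":
                findings.append(Finding(line, "low", "orphaned BHO CLSID, no DLL on disk"))
            elif m["name"] == "(no name)" and _is_random_system32(m["path"]):
                findings.append(Finding(line, "high",
                    "unnamed BHO backed by a random-named system32 DLL"))
        elif m := O20_NOTIFY.match(line):
            if MISSING in m["file"] or RANDOM_STEM.match(_stem(m["file"])):
                findings.append(Finding(line, "high",
                    "non-standard Winlogon Notify package (Vundo persistence)"))
        elif m := O23_SVC.match(line):
            if m["owner"] == "Unknown owner" and (MISSING in m["path"] or _is_random_system32(m["path"])):
                findings.append(Finding(line, "high",
                    "service with unknown owner pointing at a missing or random-named binary"))
        elif m := R0_HKLM_START.match(line):
            host = urlsplit(m["url"]).hostname or ""
            if not host.endswith("microsoft.com"):
                findings.append(Finding(line, "low",
                    f"machine-wide IE start page set to {host}; verify it was chosen deliberately"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

To use it on a real log, read hijackthis.log into a string and pass it to triage(). The "low" findings (orphaned CLSIDs, a non-Microsoft HKLM start page) are cleanup items rather than evidence of infection on their own, and a vendor component that happens to use a short all-lowercase DLL name would be flagged too, so check the file on disk (signature, timestamp, whether it is also listed by VundoFix or ComboFix) before removing anything.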
2 October 2007 00:58:36

ok here it is, sorry for the delay :(

ComboFix 07-10-02.2 - René et Sandra 2007-10-01 18:38:35.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.527 [GMT -4:00]
Running from: C:\Documents and Settings\René et Sandra\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\René et Sandra\err.log
C:\Documents and Settings\René et Sandra\ResErrors.log
C:\Documents and Settings\Vincent et Xavier\Bureau\internet.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awlokdnv.dll
C:\WINDOWS\system32\cddkofys.ini
C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\ddcdbba.dll
C:\WINDOWS\system32\dvwxrahf.ini
C:\WINDOWS\system32\fharxwvd.dll
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\ggkcuxuj.ini
C:\WINDOWS\system32\giwlrqcd.exe
C:\WINDOWS\system32\gvtbfldy.dll
C:\WINDOWS\system32\gynsoqku.exe
C:\WINDOWS\system32\hfysvsqx.ini
C:\WINDOWS\system32\hkonfhhu.dll
C:\WINDOWS\system32\icqbymnr.ini
C:\WINDOWS\system32\illeisvy.exe
C:\WINDOWS\system32\juxuckgg.dll
C:\WINDOWS\system32\kqohtbre.exe
C:\WINDOWS\system32\lkipgawt.ini
C:\WINDOWS\system32\nttqsjij.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\pdfpnpma.exe
C:\WINDOWS\system32\rnmybqci.dll
C:\WINDOWS\system32\smsxghmv.dll
C:\WINDOWS\system32\syfokddc.dll
C:\WINDOWS\system32\tuikukfx.exe
C:\WINDOWS\system32\twagpikl.dll
C:\WINDOWS\system32\uhhfnokh.ini
C:\WINDOWS\system32\vmhgxsms.ini
C:\WINDOWS\system32\xqsvsyfh.dll
C:\WINDOWS\system32\ydlfbtvg.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_ENTDRV51
-------\DomainService
-------\EntDrv51


((((((((((((((((((((((((((((( Files created from 2007-09-02 to 2007-10-02 ))))))))))))))))))))))))))))))))))))
.

2007-10-02 18:39 87,104 --a------ C:\WINDOWS\system32\akhfbmxj.dll
2007-10-01 18:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-30 16:49 <REP> d-------- C:\bfu
2007-09-30 16:47 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2007-09-30 15:17 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-30 12:41 <REP> d-------- C:\Program Files\Lavasoft
2007-09-30 12:41 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-09-30 12:40 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-30 10:58 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-09-30 10:58 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-09-19 11:51 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-18 18:15 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-17 12:08 102,400 --a------ C:\kara.exe

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-30 13:36 --------- d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-09-23 13:57 --------- d-------- C:\Program Files\MSN Messenger
2007-09-21 16:04 --------- d-------- C:\Program Files\Atari
2007-09-12 14:52 --------- d-------- C:\Program Files\PartyGaming.Net
2007-09-03 18:26 --------- d-------- C:\Program Files\Google
2007-08-19 10:01 --------- d-------- C:\Program Files\Enigma Software Group
2007-08-16 16:27 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-08-16 16:26 --------- d-------- C:\Program Files\LimeWire Acceleration Patch
2007-08-16 16:26 --------- d-------- C:\Program Files\LimeWire
2007-08-15 18:17 --------- d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2007-08-15 17:13 --------- d-------- C:\Program Files\arca
2007-08-04 08:24 --------- d-------- C:\Program Files\PuppyLuv_at
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2003-08-27 15:19 36963 -ra------ C:\Program Files\Fichiers communs\SM1updtr.dll
1999-04-06 09:27 99840 --a------ C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-08 23:53 70144 --a------ C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-08 23:53 48640 --a------ C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-08 23:53 31744 --a------ C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-08 23:53 186368 --a------ C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-08 23:53 17920 --a------ C:\Program Files\Fichiers communs\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B18AAE3-09E5-44D2-9316-75702E55F6DF}]
C:\WINDOWS\system32\awtqo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-19 22:40]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 09:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-05-03 06:21 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-05-17 05:29 C:\WINDOWS\ALCWZRD.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 11:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 11:33]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"iKeyWorks"="C:\PROGRA~1\Keyboard\Ikeymain.exe" [2002-11-22 18:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 19:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 19:10 C:\WINDOWS\system32\rundll32.exe]
"SearchIndexer"="C:\WINDOWS\system32\akhfbmxj.dll" [2007-10-02 18:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlijg]
nnnlijg.dll

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S3 gsplittm;gsplittm;\??\C:\DOCUME~1\RENETS~1\LOCALS~1\Temp\gsplittm.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-22 22:06:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 18:48:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-02 18:50:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 18:50
.
--- E O F ---
HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:41, on 2007-10-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\René et Sandra\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.canoe.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B18AAE3-09E5-44D2-9316-75702E55F6DF} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\akhfbmxj.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Backyard Hockey 2005 Registration.lnk = ?
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TONKA® Construction 2 Registration.lnk = F:\Construction2.exe
O4 - Startup: TONKA® Power Tools Registration.lnk = F:\PowerTools.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: nnnlijg - nnnlijg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9014 bytes

VundoFix logfile


VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 20:38:21 2007-08-17

Listing files found while scanning....

C:\windows\system32\awtqo.dll
C:\WINDOWS\system32\ddcdbba.dll
C:\WINDOWS\system32\ekqxgmmg.ini
C:\WINDOWS\system32\gmmgxqke.dll
C:\WINDOWS\system32\imgtcsci.dll
C:\WINDOWS\system32\lomosveg.dll
C:\windows\system32\oqtwa.bak1
C:\windows\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\windows\system32\oqtwa.tmp
C:\WINDOWS\system32\uhxtyjrq.dll
C:\WINDOWS\system32\uwphtesy.dll

Beginning removal...

Attempting to delete C:\windows\system32\awtqo.dll
C:\windows\system32\awtqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdbba.dll
C:\WINDOWS\system32\ddcdbba.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ekqxgmmg.ini
C:\WINDOWS\system32\ekqxgmmg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gmmgxqke.dll
C:\WINDOWS\system32\gmmgxqke.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\imgtcsci.dll
C:\WINDOWS\system32\imgtcsci.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lomosveg.dll
C:\WINDOWS\system32\lomosveg.dll Has been deleted!

Attempting to delete C:\windows\system32\oqtwa.bak1
C:\windows\system32\oqtwa.bak1 Has been deleted!

Attempting to delete C:\windows\system32\oqtwa.bak2
C:\windows\system32\oqtwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\oqtwa.ini2 Has been deleted!

Attempting to delete C:\windows\system32\oqtwa.tmp
C:\windows\system32\oqtwa.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\uhxtyjrq.dll
C:\WINDOWS\system32\uhxtyjrq.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 17:58:16 2007-10-01

Listing files found while scanning....

C:\windows\system32\byxuvsp.dll
C:\windows\system32\dcbeg.bak1
C:\windows\system32\dcbeg.bak2
C:\windows\system32\dcbeg.ini
C:\windows\system32\dcbeg.ini2
C:\windows\system32\dcbeg.tmp
C:\windows\system32\ddcabxu.dll
C:\windows\system32\efcaayw.dll
C:\windows\system32\gebcd.dll
C:\windows\system32\iifgedc.dll
C:\WINDOWS\system32\juxuckgg.dll
C:\windows\system32\mljkhgf.dll
C:\windows\system32\mljkijj.dll
C:\WINDOWS\system32\objeuxyv.dll
C:\windows\system32\rqrsrqn.dll
C:\windows\system32\tuvwwvw.dll
C:\WINDOWS\system32\urqpono.dll
C:\windows\system32\xxyvsrs.dll

Beginning removal...

Attempting to delete C:\windows\system32\byxuvsp.dll
C:\windows\system32\byxuvsp.dll Has been deleted!

Attempting to delete C:\windows\system32\dcbeg.bak1
C:\windows\system32\dcbeg.bak1 Has been deleted!

Attempting to delete C:\windows\system32\dcbeg.bak2
C:\windows\system32\dcbeg.bak2 Has been deleted!

Attempting to delete C:\windows\system32\dcbeg.ini
C:\windows\system32\dcbeg.ini Has been deleted!

Attempting to delete C:\windows\system32\dcbeg.ini2
C:\windows\system32\dcbeg.ini2 Has been deleted!

Attempting to delete C:\windows\system32\dcbeg.tmp
C:\windows\system32\dcbeg.tmp Has been deleted!

Attempting to delete C:\windows\system32\ddcabxu.dll
C:\windows\system32\ddcabxu.dll Has been deleted!

Attempting to delete C:\windows\system32\efcaayw.dll
C:\windows\system32\efcaayw.dll Has been deleted!

Attempting to delete C:\windows\system32\gebcd.dll
C:\windows\system32\gebcd.dll Could not be deleted.

Attempting to delete C:\windows\system32\iifgedc.dll
C:\windows\system32\iifgedc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\juxuckgg.dll
C:\WINDOWS\system32\juxuckgg.dll Could not be deleted.

Attempting to delete C:\windows\system32\mljkhgf.dll
C:\windows\system32\mljkhgf.dll Has been deleted!

Attempting to delete C:\windows\system32\mljkijj.dll
C:\windows\system32\mljkijj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\objeuxyv.dll
C:\WINDOWS\system32\objeuxyv.dll Has been deleted!

Attempting to delete C:\windows\system32\rqrsrqn.dll
C:\windows\system32\rqrsrqn.dll Has been deleted!

Attempting to delete C:\windows\system32\tuvwwvw.dll
C:\windows\system32\tuvwwvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqpono.dll
C:\WINDOWS\system32\urqpono.dll Could not be deleted.

Attempting to delete C:\windows\system32\xxyvsrs.dll
C:\windows\system32\xxyvsrs.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 18:04:26 2007-10-01

Listing files found while scanning....

C:\windows\system32\dcbeg.ini
C:\windows\system32\dcbeg.ini2
C:\windows\system32\gebcd.dll
C:\WINDOWS\system32\urqpono.dll

Beginning removal...

Attempting to delete C:\windows\system32\dcbeg.ini
C:\windows\system32\dcbeg.ini Has been deleted!

Attempting to delete C:\windows\system32\dcbeg.ini2
C:\windows\system32\dcbeg.ini2 Has been deleted!

Attempting to delete C:\windows\system32\gebcd.dll
C:\windows\system32\gebcd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\urqpono.dll
C:\WINDOWS\system32\urqpono.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 18:08:48 2007-10-01

Listing files found while scanning....

C:\windows\system32\dcbeg.ini
C:\windows\system32\gebcd.dll
C:\WINDOWS\system32\urqpono.dll

Beginning removal...

Attempting to delete C:\windows\system32\dcbeg.ini
C:\windows\system32\dcbeg.ini Has been deleted!

Attempting to delete C:\windows\system32\gebcd.dll
C:\windows\system32\gebcd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\urqpono.dll
C:\WINDOWS\system32\urqpono.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 18:13:34 2007-10-01

Listing files found while scanning....

C:\windows\system32\dcbeg.ini
C:\windows\system32\gebcd.dll
C:\WINDOWS\system32\urqpono.dll

Beginning removal...

Attempting to delete C:\windows\system32\dcbeg.ini
C:\windows\system32\dcbeg.ini Has been deleted!

Attempting to delete C:\windows\system32\gebcd.dll
C:\windows\system32\gebcd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\urqpono.dll
C:\WINDOWS\system32\urqpono.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 18:21:13 2007-10-01

Listing files found while scanning....

C:\windows\system32\dcbeg.ini
C:\windows\system32\gebcd.dll
C:\WINDOWS\system32\urqpono.dll

Beginning removal...

Attempting to delete C:\windows\system32\dcbeg.ini
C:\windows\system32\dcbeg.ini Has been deleted!

Attempting to delete C:\windows\system32\gebcd.dll
C:\windows\system32\gebcd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\urqpono.dll
C:\WINDOWS\system32\urqpono.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 18:25:18 2007-10-01

Listing files found while scanning....

C:\windows\system32\dcbeg.ini
C:\windows\system32\gebcd.dll
C:\windows\system32\urqpono.dll

Beginning removal...

Attempting to delete C:\windows\system32\dcbeg.ini
C:\windows\system32\dcbeg.ini Has been deleted!

Attempting to delete C:\windows\system32\gebcd.dll
C:\windows\system32\gebcd.dll Could not be deleted.

Attempting to delete C:\windows\system32\urqpono.dll
C:\windows\system32\urqpono.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 18:29:17 2007-10-01

Listing files found while scanning....

C:\windows\system32\dcbeg.ini
C:\windows\system32\gebcd.dll

Beginning removal...

Attempting to delete C:\windows\system32\dcbeg.ini
C:\windows\system32\dcbeg.ini Has been deleted!

Attempting to delete C:\windows\system32\gebcd.dll
C:\windows\system32\gebcd.dll Could not be deleted.

Performing Repairs to the registry.
Done!
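The log above shows the same two DLLs (gebcd.dll and urqpono.dll) surviving pass after pass while everything else is removed on the first try. As an added example, not part of the post or of VundoFix, the Python below parses that log format to report, per file, how many runs saw it, how many deletions failed, and whether any run ever deleted it, plus the JRE versions the tool flagged as exploitable. The line formats it relies on are taken from the log above; SAMPLE_LOG is a constructed, shortened excerpt of it, and the case-folding of paths and the "still loaded, remove the persistence entry first" reading of a never-deleted DLL are my interpretation.

```python
"""Summarise repeated VundoFix runs from their log text.

Added example for this thread; not VundoFix code. The line formats used
('Scan started at ...', '<path> Has been deleted!', '<path> Could not be
deleted.', 'Java version is ...' followed by the 'Old versions of java are
exploitable' warning) are taken from the log posted in the thread.
SAMPLE_LOG is a constructed, shortened excerpt of that log.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 17:58:16 2007-10-01

Listing files found while scanning....

C:\windows\system32\byxuvsp.dll
C:\windows\system32\gebcd.dll
C:\WINDOWS\system32\urqpono.dll

Beginning removal...

Attempting to delete C:\windows\system32\byxuvsp.dll
C:\windows\system32\byxuvsp.dll Has been deleted!
Attempting to delete C:\windows\system32\gebcd.dll
C:\windows\system32\gebcd.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\urqpono.dll
C:\WINDOWS\system32\urqpono.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Scan started at 18:25:18 2007-10-01

Beginning removal...

Attempting to delete C:\windows\system32\gebcd.dll
C:\windows\system32\gebcd.dll Could not be deleted.
Attempting to delete C:\windows\system32\urqpono.dll
C:\windows\system32\urqpono.dll Has been deleted!

Performing Repairs to the registry.
Done!
"""

RUN_START = re.compile(r"^Scan started at (.+?)\r?$", re.MULTILINE)
DELETED = re.compile(r"^(.+?) Has been deleted!\r?$", re.MULTILINE)
LOCKED = re.compile(r"^(.+?) Could not be deleted\.\r?$", re.MULTILINE)
JAVA = re.compile(
    r"^Java version is ([\d.]+)\r?\n(Old versions of java are exploitable)?",
    re.MULTILINE,
)


def _norm(path):
    # Windows paths are case-insensitive; the log mixes 'windows' and 'WINDOWS'
    # for the same directory, so fold case before comparing across runs.
    return path.strip().lower()


def parse_runs(log_text):
    """Split the log at each 'Scan started at' line.

    Returns a list of (timestamp, deleted, locked); deleted and locked are sets
    of normalised paths for that run.
    """
    parts = RUN_START.split(log_text)  # [preamble, ts1, body1, ts2, body2, ...]
    runs = []
    for i in range(1, len(parts) - 1, 2):
        ts, body = parts[i].strip(), parts[i + 1]
        deleted = {_norm(m.group(1)) for m in DELETED.finditer(body)}
        locked = {_norm(m.group(1)) for m in LOCKED.finditer(body)}
        runs.append((ts, deleted, locked))
    return runs


def summarise(log_text):
    """Per file: runs it was seen in, failed deletions, whether any run deleted it."""
    stats = defaultdict(lambda: {"seen": 0, "locked": 0, "deleted": False})
    for _ts, deleted, locked in parse_runs(log_text):
        for p in deleted:
            stats[p]["seen"] += 1
            stats[p]["deleted"] = True
        for p in locked:
            stats[p]["seen"] += 1
            stats[p]["locked"] += 1
    return dict(stats)


def never_deleted(log_text):
    """Files no run managed to delete. A DLL that survives every pass is still
    loaded into a process (Vundo registers itself as a Winlogon Notify DLL and
    a Browser Helper Object), which a plain file delete cannot unload; the
    registry persistence entry has to go before the file will."""
    return sorted(p for p, s in summarise(log_text).items() if not s["deleted"])


def exploitable_java_versions(log_text):
    """JRE versions the tool flagged as old and exploitable; each side-by-side
    install is its own attack surface until it is uninstalled."""
    return [m.group(1) for m in JAVA.finditer(log_text) if m.group(2)]


if __name__ == "__main__":
    for path, s in sorted(summarise(SAMPLE_LOG).items()):
        state = "deleted" if s["deleted"] else "NEVER deleted"
        print(f"{path}: seen in {s['seen']} run(s), {s['locked']} failed delete(s), {state}")
    print("still present:", never_deleted(SAMPLE_LOG))
    print("exploitable JREs:", exploitable_java_versions(SAMPLE_LOG))
```

Run against the full log above, `never_deleted` returns only gebcd.dll, which is exactly the file the helper's next step attacks through the registry rather than the file system.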
2 October 2007 22:44:24

Hello

A few more corrections.

Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\akhfbmxj.dll
C:\WINDOWS\system32\nnnlijg.dll
C:\WINDOWS\system32\awtqo.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B18AAE3-09E5-44D2-9316-75702E55F6DF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchIndexer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlijg]


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis log.
If the file does not open, it is located here > C:\ComboFix.txt
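The script in the reply above is short but every line does something destructive, so it is worth reading it back as actions before dropping it on ComboFix. As an added example, not ComboFix code and not from the poster, the Python below interprets the two sections used here: `File::` lists paths to delete, and `Registry::` follows .reg-file syntax, where `[-KEY]` deletes a key and `"name"=-` under a `[KEY]` line deletes that value. It also cross-checks that each Winlogon Notify key being removed has its DLL listed under `File::`, which is the pairing that lets the locked DLL finally be deleted. POSTED_SCRIPT is the script as posted; the `~` in two key paths is the poster's abbreviation and is reported, not expanded. The `.reg` interpretation of the Registry:: lines is the standard Windows one; that ComboFix reads them the same way is an assumption.

```python
"""Interpret a ComboFix CFScript into the concrete actions it asks for.

Added example for this thread; not ComboFix code, and ComboFix is not needed
to run it. Understands only the two sections used in the posted script:
'File::' (one path per line, to be deleted) and 'Registry::' in .reg-file
syntax ('[-KEY]' deletes a key; '[KEY]' selects a key and a following
'"name"=-' deletes that value under it). POSTED_SCRIPT is the script from the
reply, copied as posted; the '~' in two key paths is kept literally.
"""

POSTED_SCRIPT = r"""File::
C:\WINDOWS\system32\akhfbmxj.dll
C:\WINDOWS\system32\nnnlijg.dll
C:\WINDOWS\system32\awtqo.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B18AAE3-09E5-44D2-9316-75702E55F6DF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchIndexer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlijg]
"""


def parse_cfscript(text):
    """Return a list of (action, target) tuples in script order.

    Raises ValueError on any line it cannot interpret, so a typo is caught
    before the script is handed to a tool that deletes things.
    """
    actions, section, current_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):  # section header such as File:: or Registry::
            section, current_key = line[:-2].lower(), None
            continue
        if section == "file":
            actions.append(("delete_file", line))
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                actions.append(("delete_key", line[2:-1]))
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]  # later "name"=- lines apply to this key
            elif line.startswith('"') and line.endswith('"=-'):
                if current_key is None:
                    raise ValueError(f"value deletion before any [KEY]: {line}")
                actions.append(("delete_value", current_key + "\\" + line[1:-3]))
            else:
                raise ValueError(f"unsupported Registry:: line: {line}")
        else:
            raise ValueError(f"line outside a known section: {line}")
    return actions


def abbreviated_keys(actions):
    """Registry targets that still contain the poster's '~' shorthand, which
    would have to be expanded before anything could act on them."""
    return [t for a, t in actions if a != "delete_file" and "\\~\\" in t]


def unpaired_notify_entries(actions):
    """Winlogon Notify keys whose DLL is not also listed under File::.

    Vundo loads its DLL into winlogon.exe through this key, which is why a
    file-only tool keeps reporting 'Could not be deleted'; the key and the file
    have to go together, so flag any notify key without a matching <name>.dll.
    """
    files = {t.rsplit("\\", 1)[-1].lower() for a, t in actions if a == "delete_file"}
    unpaired = []
    for a, t in actions:
        if a == "delete_key" and "\\winlogon\\notify\\" in t.lower():
            name = t.rsplit("\\", 1)[-1]
            if name.lower() + ".dll" not in files:
                unpaired.append(name)
    return unpaired


if __name__ == "__main__":
    acts = parse_cfscript(POSTED_SCRIPT)
    for action, target in acts:
        print(f"{action:13s} {target}")
    print("abbreviated keys:", abbreviated_keys(acts))
    print("notify keys without a matching File:: entry:", unpaired_notify_entries(acts))
```

On the posted script this yields three file deletions, three key deletions and one value deletion; the notify key for nnnlijg is paired with nnnlijg.dll, and the two BHO keys are reported as abbreviated because of the `~`.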
2 October 2007 23:59:54

I no longer have the problem and my internet is super fast again, thank you very much
3 October 2007 00:01:08

You're welcome, but post the reports, it's not completely finished yet.