[SOLVED] Fix Win 32: repeated message and successive attacks
Last reply: in Security
Hello,
A friend of mine has a big problem and I'm unable to solve it.
That's why I'm asking for your help.
Avast is detecting successive attacks from different IP addresses.
A message repeats each time (as I write this, every 10 seconds),
with sentences in English mentioning Fixwin32.
After several attacks, a message remains that tries to use IE, but the page stays unavailable because I put it in "offline" mode.
Sometimes I can't even use Explorer.
A search bar shows up in the taskbar, something like "WLM" but in English.
The Windows style switches to Classic and then back to normal several times.
With Ewido and SmitFraudFix I managed to remove some trojans.
But after rebooting they are still there.
Here are the names, with the SmitFraud and Ewido reports:
Ewido:
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 17:32:37 07/10/2006
+ Scan result:
C:\WINDOWS\system32\efcbcde.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\pmnlmkh.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\config\drpep.exe -> Downloader.Adload.fq : No action taken.
[3064] c:\drsmartload.exe -> Downloader.Adload.gf : No action taken.
:mozilla.14:C:\Documents and Settings\mimi\Application Data\Mozilla\Firefox\Profiles\7ml9orip.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.15:C:\Documents and Settings\mimi\Application Data\Mozilla\Firefox\Profiles\7ml9orip.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
C:\WINDOWS\system32\quveckqv.dll -> Trojan.BHO.g : No action taken.
::Report end
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:02:07, on 07/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\pctspk.exe
C:\KMaestro\KMaestro.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ecRecvr.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
D:\Mes Documents\TEST\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74C3666A-AA94-4855-9D15-F14D5984D242} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7D00738B-6974-4794-98D4-DE79A07ECD81} - C:\WINDOWS\System32\gebcyyy.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger le site avec Free Download Manager - file://D:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f010.mail.caramail.lycos.fr/app/uploader/FileUpl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebcyyy - C:\WINDOWS\SYSTEM32\gebcyyy.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows USB Bus Driver - Unknown owner - C:\WINDOWS\ecRecvr.exe
Hello,
Vundo infection
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt telling you that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! log, in your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; just follow the instructions above, starting from "click the Scan for Vundo button".
Hi AngelDark, and thanks again for your support.
I'm not around much at the moment.
It's true that I'm not very knowledgeable about this kind of infection (same for look2me too, but oh well...)
Here are the logs:
---Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 22:27:50, on 07/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\KMaestro\KMaestro.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\nwnmff_e24.exe
C:\dfndrff_e24.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\kybrdff_e24.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ecRecvr.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Mes Documents\TEST\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74C3666A-AA94-4855-9D15-F14D5984D242} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7D00738B-6974-4794-98D4-DE79A07ECD81} - C:\WINDOWS\System32\awtsron.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: (no name) - {919E62A9-48B3-48EA-A2AE-578CAD637E91} - C:\WINDOWS\System32\jkkjg.dll (file missing)
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e24.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger le site avec Free Download Manager - file://D:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f010.mail.caramail.lycos.fr/app/uploader/FileUpl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsron - C:\WINDOWS\SYSTEM32\awtsron.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows USB Bus Driver - Unknown owner - C:\WINDOWS\ecRecvr.exe
---Vundo:
VundoFix V6.2.0
Checking Java version...
Java version is 1.5.0.7
Scan started at 20:34:13 07/10/2006
Listing files found while scanning....
C:\WINDOWS\System32\ddcca.dll
C:\WINDOWS\System32\accdd.ini
C:\WINDOWS\System32\accdd.bak1
Beginning removal...
Attempting to delete C:\WINDOWS\System32\ddcca.dll
C:\WINDOWS\System32\ddcca.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\accdd.ini
C:\WINDOWS\System32\accdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\accdd.bak1
C:\WINDOWS\System32\accdd.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.0
Checking Java version...
Java version is 1.5.0.7
Scan started at 21:37:38 07/10/2006
Listing files found while scanning....
VundoFix V6.2.0
Checking Java version...
Java version is 1.5.0.7
Scan started at 22:18:04 07/10/2006
Listing files found while scanning....
C:\WINDOWS\System32\jkkjg.dll
C:\WINDOWS\System32\gjkkj.ini
C:\WINDOWS\System32\gjkkj.bak1
Beginning removal...
Attempting to delete C:\WINDOWS\System32\jkkjg.dll
C:\WINDOWS\System32\jkkjg.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\gjkkj.ini
C:\WINDOWS\System32\gjkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\gjkkj.bak1
C:\WINDOWS\System32\gjkkj.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
See you soon!
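As an added example (not a tool from this thread or from the HijackThis project), a small triage script that parses HijackThis log lines and correlates the Vundo pattern visible in the logs above: a Winlogon Notify DLL that is also registered as an unnamed BHO, Run entries launching an executable from a drive root, orphaned BHO registrations, and an IE search page pointed at an unexpected host. The sample lines are copied from the logs posted in this thread; the allowlist of expected search hosts is an assumption.

```python
"""Triage of HijackThis v1.99 log lines for the Vundo/Virtumonde pattern.

Added example, not a tool from this thread or from the HijackThis project.
It parses the O2 (BHO), O4 (Run), O20 (Winlogon Notify) and R0/R1 (IE search)
line formats and correlates them the way a helper reads such a log by hand.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail")

# Line formats as printed by HijackThis v1.99.1 (see the logs in the thread).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>.*?) = (?P<url>\S+)$")

# A Run command whose executable sits directly in a drive root, e.g. C:\\nwnmff_e24.exe
ROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\\\?[^\\"]+\.exe\b', re.IGNORECASE)

# Assumption: hosts that a stock IE 6 search page may legitimately point to.
EXPECTED_SEARCH_HOSTS = ("www.microsoft.com", "search.msn.com")


def norm(path):
    """Case-insensitive comparison form of a Windows path (doubled '\\' collapsed)."""
    return path.strip().lower().replace("\\\\", "\\")


def triage(lines, expected_search_hosts=EXPECTED_SEARCH_HOSTS):
    """Return a list of Finding for the suspicious patterns in the given log lines."""
    bhos, runs, notifies, searches = [], [], [], []
    for line in lines:
        line = line.strip()
        for regex, bucket in ((O2_RE, bhos), (O4_RE, runs), (O20_RE, notifies), (R_RE, searches)):
            m = regex.match(line)
            if m:
                bucket.append(m.groupdict())
                break

    findings = []
    # Vundo registers the same randomly named DLL as a BHO with no name and as a
    # Winlogon Notify package, so it is reloaded at logon before a cleaner can remove it.
    unnamed_bho_paths = {norm(b["path"]) for b in bhos if b["name"] == "(no name)"}
    for n in notifies:
        if norm(n["path"]) in unnamed_bho_paths:
            findings.append(Finding("vundo_notify_bho", n["path"]))
    # Leftover BHO registrations whose DLL is gone (typical after a partial clean-up).
    for b in bhos:
        if "(no file)" in b["path"] or "(file missing)" in b["path"]:
            findings.append(Finding("orphan_bho", b["clsid"]))
    # Run entries that launch an executable dropped at the root of a drive.
    for r in runs:
        if ROOT_EXE_RE.match(r["cmd"]):
            findings.append(Finding("root_run", r["key"] + "=" + r["cmd"]))
    # IE search page / search assistant redirected to an unexpected host.
    for s in searches:
        if "search" not in s["key"].lower():
            continue
        host = re.sub(r"^https?://", "", s["url"]).split("/")[0].lower()
        if host not in expected_search_hosts:
            findings.append(Finding("search_hijack", host))
    return findings


# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: (no name) - {74C3666A-AA94-4855-9D15-F14D5984D242} - (no file)",
    r"O2 - BHO: (no name) - {7D00738B-6974-4794-98D4-DE79A07ECD81} - C:\WINDOWS\System32\awtsron.dll",
    r"O2 - BHO: (no name) - {919E62A9-48B3-48EA-A2AE-578CAD637E91} - C:\WINDOWS\System32\jkkjg.dll (file missing)",
    r"O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [newname] C:\\nwnmff_e24.exe",
    r"O20 - Winlogon Notify: awtsron - C:\WINDOWS\SYSTEM32\awtsron.dll",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.kind, f.detail)
```

The SpyBot SDHelper entry also shows as "(no name)" but is not flagged, because nothing else in the log references its DLL; the correlation, not the missing name alone, is the signal.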
It's the MSN worm, I think.
Download combofix.exe (by sUBs) to your Desktop
Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear. Copy/paste that report in your next reply.
OK boss,
here is the log,
mimi - 06-10-07 22:48:25,21 Service Pack 1
ComboFix 06.09.28 - Running from: "D:\Mes Documents\TEST"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\dfndrff_e24.exe
C:\drsmartload.exe
C:\kybrdff_e24.exe
C:\MTE3NDI6ODoxNgV2.exe
C:\nwnmff_e24.exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UF6P0P8H\dfndrff_e_uit[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q5IH4TMZ\deskbar_e[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q5IH4TMZ\kybrdff_e[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q5IH4TMZ\MTE3NDI6ODoxNg[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UF6P0P8H\MTE3NDI6ODoxNgV2[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q5IH4TMZ\nwnmff_e[1].exe
C:\Program Files\Deskbar
((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))
2006-10-07 22:44 40,973 ---hs---- C:\WINDOWS\system32\tuvwust.dll
2006-10-07 22:31 684,084 ---hs---- C:\WINDOWS\system32\mljgf.dll
2006-10-07 22:31 357,852 ---hs---- C:\WINDOWS\system32\fgjlm.bak1
2006-10-07 22:31 143,380 --a------ C:\WINDOWS\system32\ongxpqgn.exe
2006-10-07 22:29 40,973 ---hs---- C:\WINDOWS\system32\hggecyx.dll
2006-10-07 22:23 9,216 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2006-10-07 22:16 40,973 ---hs---- C:\WINDOWS\system32\yayywtt.dll
2006-10-07 21:56 73,728 --a------ C:\WINDOWS\system32\pv.exe
2006-10-07 21:56 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe
2006-10-07 21:56 175,616 --a------ C:\WINDOWS\system32\strings.exe
2006-10-07 21:56 16,384 --a------ C:\WINDOWS\system32\restart.exe
2006-10-07 21:56 126,976 --a------ C:\WINDOWS\system32\zip.exe
2006-10-07 21:56 11,254 --a------ C:\WINDOWS\system32\locate.com
2006-10-07 21:46 40,973 ---hs---- C:\WINDOWS\system32\awtsron.dll
2006-10-07 21:03 40,973 ---hs---- C:\WINDOWS\system32\qomnmnm.dll
2006-10-07 18:10 40,973 --------- C:\WINDOWS\system32\gebcyyy.dll
2006-10-07 16:34 80,384 -r-hs---- C:\WINDOWS\ecRecvr.exe
2006-09-30 09:19 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-16 15:19 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-07 22:31 -------- d-------- C:\Program Files\VSToolbar
2006-10-07 22:31 -------- d-------- C:\Documents and Settings\mimi\Application Data\SearchToolbarCorp
2006-10-07 14:02 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-07 12:40 -------- d-------- C:\Documents and Settings\mim\Application Data\Notepad++
2006-10-07 11:33 -------- d-------- C:\Documents and Settings\mimi\Application Data\Free Download Manager
2006-10-06 20:40 -------- d-------- C:\Documents and Settings\mimi\Application Data\teamspeak2
2006-10-01 14:51 1080 --a--c--- C:\WINDOWS\AUTOLNCH.REG
2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 17:40 87424 --a--c--- C:\WINDOWS\system32\drivers\aswmon2.sys
2006-09-25 17:40 85952 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys
2006-09-25 17:39 36176 --a--c--- C:\WINDOWS\system32\drivers\aswTdi.sys
2006-09-25 17:39 16352 --a--c--- C:\WINDOWS\system32\drivers\aswRdr.sys
2006-09-25 17:37 24560 --a--c--- C:\WINDOWS\system32\drivers\aavmker4.sys
2006-09-17 01:00 -------- d-------- C:\Program Files\MaxSoftware
2006-09-16 01:40 -------- d-------- C:\Documents and Settings\mimi\Application Data\utorrent
2006-09-03 20:14 130048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-09-03 02:43 -------- d-------- C:\Documents and Settings\mimi\Application Data\Media Player Classic
2006-09-03 02:41 -------- d-------- C:\Documents and Settings\mimi\Application Data\Real
2006-09-03 02:17 -------- d-------- C:\Documents and Settings\mimi\Application Data\vlc
2006-09-03 01:46 -------- d-------- C:\Program Files\Windows Media Player
2006-09-03 00:11 -------- d-------- C:\Documents and Settings\mimi\Application Data\Mozilla
2006-09-02 21:29 -------- d-------- C:\Program Files\Fichiers communs\Real
2006-09-02 21:28 -------- d-------- C:\Program Files\Fichiers communs
2006-08-28 11:41 -------- d---s---- C:\Documents and Settings\mimi\Application Data\Microsoft
2006-08-19 18:18 -------- d-------- C:\Program Files\Google
2006-08-17 20:27 -------- d-------- C:\Program Files\MSN Messenger
2006-08-11 21:32 415309 --a------ C:\WINDOWS\Revolution Script CZ Uninstaller.exe
2006-08-11 17:49 -------- d-------- C:\Program Files\Fichiers communs\Roxio Shared
2006-08-11 17:48 61424 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-08-11 17:48 57344 --a------ C:\WINDOWS\uneng.exe
2006-08-11 17:48 49152 --a------ C:\WINDOWS\system32\cdrtc.dll
2006-08-11 17:48 45056 --a------ C:\WINDOWS\system32\cdral.dll
2006-08-11 17:48 23436 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-08-11 17:48 -------- d-------- C:\Program Files\Fichiers communs\Adaptec Shared
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-13 16:25 99971 --a------ C:\WINDOWS\UninstallFirefox.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe"
"KeyMaestro"="C:\\KMaestro\\KMaestro.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb03.exe"
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KeyMaestro]
"RepeatFlag"=dword:00000000
"PowerEnable"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Win32"="msnsrv.exe"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Win32"="msnsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{7D00738B-6974-4794-98D4-DE79A07ECD81}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgf
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwust
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: 07/10/2006 22:51:14.21
ComboFix.txt
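The "Files Created" and "Reg Loading Points" sections of the report above carry the signal a helper reads: the two Winlogon\Notify packages (mljgf, tuvwust) have the same names as hidden+system DLLs created in system32 minutes earlier, a .bak1 file carries the DLL name reversed (fgjlm for mljgf, just as the VundoFix logs pair ddcca.dll with accdd.ini and jkkjg.dll with gjkkj.ini), and a Run value named "Win32" under HKEY_USERS\.DEFAULT launches a bare msnsrv.exe with no path. As an added example, which is not part of this thread and not code from ComboFix, the following Python script parses a constructed excerpt in the same report layout and flags those three patterns. The "random stem" heuristic (5 to 8 lowercase letters), the system32 restriction and the treatment of bare file names are assumptions of the example, not rules ComboFix applies.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the ComboFix 06.09 report layout, cut down to the lines
# this demo needs; the entries are copied in shape from the report posted above.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))
2006-10-07 22:44 40,973 ---hs---- C:\WINDOWS\system32\tuvwust.dll
2006-10-07 22:31 684,084 ---hs---- C:\WINDOWS\system32\mljgf.dll
2006-10-07 22:31 357,852 ---hs---- C:\WINDOWS\system32\fgjlm.bak1
2006-10-07 22:31 143,380 --a------ C:\WINDOWS\system32\ongxpqgn.exe
2006-10-07 22:23 9,216 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2006-10-07 16:34 80,384 -r-hs---- C:\WINDOWS\ecRecvr.exe
2006-09-30 09:19 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"nwiz"="nwiz.exe /install"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KeyMaestro]
"RepeatFlag"=dword:00000000
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Win32"="msnsrv.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgf
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwust
Completion time: 07/10/2006 22:51:14.21
"""

# "date time size attributes path"; the attribute string is 9 chars, index 3 = h(idden), 4 = s(ystem)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (?:[\d,]+|-+) ([-a-z]{9}) (.+?)\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\\\s]+)\s*$", re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r"[a-z]{5,8}")   # assumed heuristic: all-lowercase stems such as mljgf, tuvwust


def split_path(path: str) -> Tuple[str, str, str]:
    """Return (directory, stem, lower-cased extension) of a Windows path."""
    directory, _, base = path.rpartition("\\")
    stem, dot, ext = base.rpartition(".")
    if not dot:                       # no extension
        stem, ext = base, ""
    return directory, stem, ext.lower()


def triage(report: str) -> Dict[str, object]:
    hidden_random: List[str] = []     # hidden+system files in system32 with random-looking names
    by_stem: Dict[str, str] = {}      # stem -> basename, for the reversed-name companion check
    notify: List[str] = []            # Winlogon\Notify package names
    run_values: List[Tuple[str, str, str]] = []   # (key, value name, data) under any ...\Run key
    current_key = ""

    for line in report.splitlines():
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(3), m.group(4)
            directory, stem, ext = split_path(path)
            if (attrs[3] == "h" and attrs[4] == "s"
                    and directory.lower().endswith("\\system32")
                    and RANDOM_STEM_RE.fullmatch(stem)):
                base = f"{stem}.{ext}" if ext else stem
                hidden_random.append(base)
                by_stem[stem] = base
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key.lower().endswith("\\run"):
            run_values.append((current_key, m.group(1), m.group(2)))
            continue
        m = NOTIFY_RE.search(line)
        if m:
            notify.append(m.group(1))

    # The DLL's .ini/.bak1 companion carries the DLL stem reversed
    # (mljgf.dll / fgjlm.bak1 here, ddcca.dll / accdd.ini in the VundoFix log above).
    companions = {}
    for stem, base in by_stem.items():
        twin = by_stem.get(stem[::-1])
        if base.endswith(".dll") and twin and twin != base:
            companions[base] = twin

    # A Run value that is a bare file name resolves through the search path, so the
    # file it launches cannot be confirmed without looking it up on disk.
    unqualified = [(k, n, v) for k, n, v in run_values
                   if v.strip() and "\\" not in v.split()[0]]

    return {
        "hidden_random_files": hidden_random,
        "reversed_companions": companions,
        "notify_packages": notify,
        "notify_backed_by_hidden_dll": [n for n in notify if n.lower() in by_stem],
        "unqualified_run_values": unqualified,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

To run it over a real ComboFix.txt, read the file into SAMPLE_REPORT's place. The output is a triage list, not a verdict: a Winlogon\Notify package that resolves to a freshly created hidden DLL is a strong lead, but each flagged file should still be checked on disk (attributes, size, signer) before it is deleted, and a bare Run value such as msnsrv.exe needs to be located on the search path to know what actually starts.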
Hi AngelDark, I managed to solve the problem (thanks anyway for your help). Indeed, I managed to remove the infections once offline; because whenever I connected, I thought I was still infected (even though these reports flag things, the latest ones I ran no longer do). I was getting hit by successive attacks. No matter how much I disinfected the PC, it got re-infected after connecting to the web.
I found the solution to the problem: a worm was responsible for opening certain ports, and despite its removal the attacks persisted.
Bottom line: all it took was to see which ports were open and to close them, to prevent the new infection.
That's all!
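The last step the poster describes, seeing which ports are open before going back online, is done on Windows XP with netstat -ano (listening sockets with owning PID) and tasklist (PID to image name). As an added example, not from the thread, the following Python script parses constructed output in those two layouts, joins each listener to its owning image by PID, and reports anything outside a baseline. The baseline, the PIDs and ports, and the choice of msnsrv.exe as the unexpected owner (the name is the "Win32" Run value in the ComboFix report above; its placement as a listener here is an assumption for the demo) are all constructed, not observations from the poster's machine.

```python
import re
from typing import Dict, List, NamedTuple, Set, Tuple

# Constructed sample output in the Windows XP "netstat -ano" and "tasklist" layouts.
# PIDs, ports and owning images are invented for this demo; msnsrv.exe is the bare
# file name from the "Win32" Run value in the ComboFix report above, used here as an
# assumed example of an unexpected listener.
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5160           0.0.0.0:0              LISTENING       1880
  TCP    192.168.0.2:1045       10.0.0.9:80            ESTABLISHED     1880
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1100
"""

TASKLIST = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System                         4 Console                 0         236 K
svchost.exe                  912 Console                 0       4,712 K
svchost.exe                 1100 Console                 0       3,980 K
msnsrv.exe                  1880 Console                 0       2,304 K
"""

# Assumed baseline of (protocol, port) -> images allowed to own it. In practice build
# it from the same two commands run on a known-clean machine of the same build.
EXPECTED_LISTENERS: Dict[Tuple[str, int], Set[str]] = {
    ("TCP", 135): {"svchost.exe"},
    ("TCP", 445): {"System"},
    ("UDP", 445): {"System"},
    ("UDP", 1900): {"svchost.exe"},
}

NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
TASKLIST_LINE = re.compile(r"^(\S.*?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+\s+K\s*$")


class Socket(NamedTuple):
    proto: str
    local_host: str
    local_port: int
    state: str        # LISTENING, ESTABLISHED, ...; "" for UDP, which has no state column
    pid: int


def parse_netstat(text: str) -> List[Socket]:
    sockets = []
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue                      # banner, header and blank lines
        proto, local, _foreign, state, pid = m.groups()
        host, _, port = local.rpartition(":")   # rpartition keeps an IPv6 "[::]:135" intact
        sockets.append(Socket(proto, host, int(port), state or "", int(pid)))
    return sockets


def parse_tasklist(text: str) -> Dict[int, str]:
    """Map PID -> image name from tasklist output; header and ruler lines do not match."""
    owners = {}
    for line in text.splitlines():
        m = TASKLIST_LINE.match(line)
        if m:
            owners[int(m.group(2))] = m.group(1)
    return owners


Finding = Tuple[str, int, int, str, str]   # (proto, port, pid, image, reason)


def unexpected_listeners(netstat_text: str, tasklist_text: str,
                         baseline: Dict[Tuple[str, int], Set[str]] = EXPECTED_LISTENERS) -> List[Finding]:
    owners = parse_tasklist(tasklist_text)
    findings: List[Finding] = []
    for s in parse_netstat(netstat_text):
        # A bound UDP socket is reachable like a TCP listener, so both count as listeners.
        if s.proto == "TCP" and s.state != "LISTENING":
            continue
        image = owners.get(s.pid, "<pid not in tasklist>")
        allowed = baseline.get((s.proto, s.local_port))
        if allowed is None:
            findings.append((s.proto, s.local_port, s.pid, image, "port not in baseline"))
        elif image not in allowed:
            findings.append((s.proto, s.local_port, s.pid, image, "unexpected owner"))
    return findings


if __name__ == "__main__":
    for proto, port, pid, image, reason in unexpected_listeners(NETSTAT_ANO, TASKLIST):
        print(f"{proto} :{port} pid={pid} image={image} -> {reason}")
```

Two caveats for anyone following the poster's approach. A port is open because a process bound it, so "closing" it means stopping that process and removing whatever starts it (here the Run and Winlogon\Notify entries from the ComboFix report), otherwise it comes back at the next logon; and reconnecting a freshly cleaned XP SP1 box directly to the Internet repeats the exposure that the poster observed, so the firewall (or a NAT router) should be in place before the first connection rather than after the next scan.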