PC infected by Vundo - Need help please

Hello,

My PC is infected by Vundo and I can't get rid of one stubborn file.
DLL ---> yayvtts.dll

I have tried Spybot, VundoFix, VirtumundoBeGone, online scans, AvgAS, CCleaner, ... in normal mode and in safe mode, and the stubborn file is still there!!!!
Note that I cannot find yayvtts.dll in system32.
Would one of you be kind enough to help me, please?

Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:32, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Desktop Architect\datray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Magic Mail Monitor\Magic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4B9ECF81-666D-4B07-A71C-CEDCBD50B4F4} - C:\WINDOWS\system32\yayvtts.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Install5G] D:\Install.exe /SI=40
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Raccourci vers Magic.lnk = C:\Program Files\Magic Mail Monitor\Magic.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Translate Page - http://www.geocities.com/mockba80/translate1.0.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/ [...] cfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yayvtts - C:\WINDOWS\SYSTEM32\yayvtts.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
End of file - 8995 bytes


Thanks for your help

Configuration: Windows XP
Firefox 2.0.0.7
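
An added illustration, not part of the original thread and not code from HijackThis or ComboFix: a small Python parser for O2 (BHO) and O20 (Winlogon Notify) lines in the format of the HijackThis log above. It reports any DLL registered at more than one load point, which is the pattern yayvtts.dll shows in this log, and lists entries whose file is missing. The function names and the "more than one load point" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4B9ECF81-666D-4B07-A71C-CEDCBD50B4F4} - C:\WINDOWS\system32\yayvtts.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: yayvtts - C:\WINDOWS\SYSTEM32\yayvtts.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


class Entry(NamedTuple):
    code: str             # HijackThis section code, e.g. "O2"
    kind: str             # human-readable load point name
    name: str             # display name from the log
    clsid: Optional[str]  # CLSID for BHO entries, None otherwise
    target: str           # file path, or "(no file)"


CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Only the two load points relevant to this thread are parsed; other
# section codes (O4, O23, ...) are skipped on purpose.
PATTERNS = {
    "O2": ("BHO", re.compile(
        r"^BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.*)$")),
    "O20": ("Winlogon Notify", re.compile(
        r"^Winlogon Notify: (?P<name>.*?) - (?P<target>.*)$")),
}
LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")


def parse_entries(log: str) -> List[Entry]:
    """Extract BHO and Winlogon Notify entries from HijackThis log text."""
    entries = []
    for raw in log.splitlines():
        line = LINE.match(raw.strip())
        if not line or line["code"] not in PATTERNS:
            continue
        kind, pattern = PATTERNS[line["code"]]
        detail = pattern.match(line["body"])
        if detail:
            g = detail.groupdict()
            entries.append(Entry(line["code"], kind, g["name"],
                                 g.get("clsid"), g["target"].strip()))
    return entries


def multi_hooked(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each file registered at more than one load point to those points.

    Paths are compared case-insensitively, because the same DLL appears as
    ...\\system32\\... in the O2 line and ...\\SYSTEM32\\... in the O20 line.
    Short (8.3) path forms such as PROGRA~1 are not expanded here.
    """
    points = defaultdict(set)
    for e in entries:
        if e.target != "(no file)":
            points[e.target.lower()].add(e.kind)
    return {path: sorted(kinds) for path, kinds in points.items()
            if len(kinds) > 1}


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry key remains but whose file is gone."""
    return [e for e in entries if e.target == "(no file)"]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for path, kinds in multi_hooked(parsed).items():
        print("multiple load points:", path, "->", ", ".join(kinds))
    for e in orphaned(parsed):
        print("orphaned entry:", e.kind, e.clsid)
```
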


Hello,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.


NOTE: The report can also be found here: C:\Combofix.txt

Reply to Angeldark


Thanks Angeldark ... Here is the report from Combofix.exe

ComboFix 07-10-10.1 - marie 2007-10-10 14:57:49.2 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.90 [GMT 2:00]
Running from: C:\Documents and Settings\marie.SHANIE\Mes documents\Mes t‚l‚chargements\Virus\ComboFix\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mljgd.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-10 to 2007-10-10 ))))))))))))))))))))))))))))))))))))
.

2007-10-10 12:22 102,400 --a------ C:\WINDOWS\system32\drvceb.dll
2007-10-10 12:22 32,768 --a------ C:\WINDOWS\system32\yayvtts.dll
2007-10-10 12:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 11:26 <REP> d-------- C:\Program Files\Trend Micro
2007-10-10 09:12 <REP> d-------- C:\Documents and Settings\marie.SHANIE\Application Data\Uniblue
2007-10-10 08:57 102,400 --a------ C:\WINDOWS\system32\drvnaf.dll
2007-10-10 08:57 32,768 --a------ C:\WINDOWS\system32\urqnlml.dll
2007-10-10 02:35 <REP> d----c--- C:\VundoFix Backups
2007-10-10 00:11 32,768 --a------ C:\WINDOWS\system32\fccywvs.dll.vir
2007-10-09 20:44 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 18:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-09 17:00 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-10-08 19:03 <REP> d-------- C:\WINDOWS\avxoscan
2007-10-07 20:10 35,840 --a------ C:\WINDOWS\system32\efccbbc.dll.vir
2007-10-06 22:09 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-10-06 14:03 <REP> d-------- C:\Program Files\iTunes
2007-10-06 14:03 <REP> d-------- C:\Program Files\iPod
2007-09-30 19:53 <REP> d-------- C:\Program Files\Alien Skin
2007-09-28 23:46 <REP> d-------- C:\Program Files\CCleaner
2007-09-23 21:40 <REP> d-------- C:\Program Files\ToniArts
2007-09-23 20:43 <REP> d-------- C:\Documents and Settings\marie.SHANIE\Application Data\DivX
2007-09-23 13:24 <REP> d-------- C:\Program Files\DivX
2007-09-21 18:11 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
2007-09-21 18:10 <REP> d-------- C:\Program Files\Creative
2007-09-21 18:10 6,752 --a------ C:\WINDOWS\system32\PfModNT.sys
2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 20:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 20:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-09-12 01:14 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 08:54 --------- d-----w C:\Program Files\Magic Mail Monitor
2007-10-10 08:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-09 23:52 --------- d-----w C:\Documents and Settings\marie.SHANIE\Application Data\Skype
2007-10-06 20:09 --------- d-----w C:\Program Files\Skype
2007-10-06 20:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2007-10-06 11:42 --------- d-----w C:\Program Files\Apple Software Update
2007-10-04 11:08 --------- d-----w C:\Documents and Settings\marie.SHANIE\Application Data\Alien Skin
2007-09-23 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-17 09:23 --------- d-----w C:\Program Files\Jigs@w Platinum
2007-09-05 16:25 --------- d-----w C:\Documents and Settings\marie.SHANIE\Application Data\KompoZer
2007-09-02 22:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-16 12:18 --------- d-----w C:\Documents and Settings\marie.SHANIE\Application Data\Apple Computer
2007-08-15 22:33 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-08-15 22:33 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-15 13:18 --------- d-----w C:\Program Files\MSXML 6.0
2007-08-15 13:13 --------- d-----w C:\Program Files\BoontyGames
2007-08-15 12:10 12,464 ----a-w C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2007-08-15 12:10 --------- d-----w C:\Program Files\Mes Jeux Téléchargés
2007-08-15 12:10 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2007-08-15 12:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision
2007-08-15 12:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY
2007-08-14 22:14 --------- d-----w C:\Documents and Settings\marie.SHANIE\Application Data\GanymedeNet
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-26 16:35 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
2007-07-26 16:35 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
2007-05-18 18:11 449 ----a-w C:\Program Files\DSEditeurHTML.ini
2007-05-18 18:03 8,857 ----a-w C:\Program Files\ST6UNST.LOG
2007-03-20 15:22 3,190,784 ----a-w C:\Program Files\DS-EditeurHTML.exe
2007-03-20 15:21 71,934 ----a-w C:\Program Files\DS-editeurHTML.htm
2007-03-20 15:21 2,043,065 ----a-w C:\Program Files\DSEDITEURHTML.HLP
2007-03-20 15:21 1,561 ----a-w C:\Program Files\FILE_ID.DIZ
2007-03-20 15:20 581 ----a-w C:\Program Files\DSEditeurHTML.cnt
2007-03-20 15:20 1,497 ----a-w C:\Program Files\LOGICIEL.TXT
2007-01-30 13:29 159,744 ----a-w C:\Program Files\Assist_Bouton_Banniere.exe
2007-01-27 06:03 323,584 ----a-w C:\Program Files\EditeurPHP.exe
2007-01-26 06:07 316 ----a-w C:\Program Files\AUTEUR.TXT
2007-01-16 13:54 48,640 ----a-w C:\Program Files\dhtmled.oca
2006-12-20 06:20 61,440 ----a-w C:\Program Files\ieframe.oca
2006-09-19 16:26 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-04-13 09:13 1,358,848 ----a-w C:\Program Files\mshtml.oca
2005-10-30 07:01 45,056 ----a-w C:\Program Files\Assist_HTML_TXT.exe
2005-03-27 08:03 49,152 ----a-w C:\Program Files\Assist_Calend.exe
2005-02-23 07:34 831,488 ----a-w C:\Program Files\Assist_Java.exe
2005-02-22 16:08 241,664 ----a-w C:\Program Files\Assist_AlbumPhotos.exe
2005-01-29 06:35 102,400 ----a-w C:\Program Files\Assist_Image.exe
2004-11-14 06:52 397,312 ----a-w C:\Program Files\Assist_PageCadre.exe
2004-11-13 06:55 73,728 ----a-w C:\Program Files\Assist_OptCode.exe
2004-11-13 06:52 69,632 ----a-w C:\Program Files\Assist_HTML2EXE.exe
2004-11-13 06:49 344,064 ----a-w C:\Program Files\Assist_Banniere.exe
2004-11-13 06:47 102,400 ----a-w C:\Program Files\Assist_Txt3DTexture.exe
2004-11-13 06:45 40,960 ----a-w C:\Program Files\Assist_Convert.exe
2004-11-08 08:19 315,392 ----a-w C:\Program Files\Assist_Texte3D.exe
2004-11-02 11:45 228 ----a-w C:\Program Files\defaut.dsh
2004-06-24 08:41 61,440 ----a-w C:\Program Files\HTMLEXE.dat
2004-03-06 07:15 81,920 ----a-w C:\Program Files\Assist_URL.exe
2004-03-01 15:35 108,652 ----a-w C:\Program Files\ExemplesScripts.zip
2003-09-22 07:45 45,056 ----a-w C:\Program Files\Assist_Format.exe
2003-08-31 07:27 94,208 ----a-w C:\Program Files\Assist_Tableau.exe
2003-08-11 13:30 34,463 ----a-w C:\Program Files\MusiqueScript.zip
2003-08-05 15:40 120,665 ----a-w C:\Program Files\Textures.zip
2003-06-22 07:11 634 ----a-w C:\Program Files\ExempleMenu.mnu
2002-09-16 07:47 101,002 ----a-w C:\Program Files\INDEXHTML.HLP
2002-09-16 07:37 428 ----a-w C:\Program Files\IndexHTML.cnt
2002-09-04 11:19 277,480 ----a-w C:\Program Files\HTML4.zip
2002-08-16 04:37 3,397 ----a-w C:\Program Files\ExCadre.zip
2002-08-12 12:37 259 ----a-w C:\Program Files\StyleCSS.css
2000-10-11 11:11 121,562 ----a-w C:\Program Files\PicFormat32.dll
2000-05-17 06:52 187,392 ----a-w C:\Program Files\JPGUtils.dll
1999-07-31 13:31 5,372 ----a-w C:\Program Files\sinedots.txt
1999-07-31 13:28 45,056 ----a-w C:\Program Files\sinedots.8bf
1999-07-15 18:37 24,576 ----a-w C:\Program Files\AssignPath.exe
1999-07-13 23:44 861 ----a-w C:\Program Files\sinedots.cfg
2006-10-23 11:25:51 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2006-10-12 09:17:09 56 --sh--r C:\WINDOWS\system32\932ABB3B60.sys
2006-10-12 09:17:09 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B9ECF81-666D-4B07-A71C-CEDCBD50B4F4}]
2007-10-10 12:22 32768 --a------ C:\WINDOWS\system32\yayvtts.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-10-17 04:31]
"nwiz"="nwiz.exe" [2005-10-17 04:31 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-10-17 04:31]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 C:\WINDOWS\soundman.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-22 09:00]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-30 13:20]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11]
"zzzHPSETUP"="D:\Setup.exe" []
"Install5G"="D:\Install.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Architect"="C:\Program Files\Desktop Architect\datray.exe" [2000-06-11 21:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4B9ECF81-666D-4B07-A71C-CEDCBD50B4F4}"= C:\WINDOWS\system32\yayvtts.dll [2007-10-10 12:22 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvtts]
yayvtts.dll 2007-10-10 12:22 32768 C:\WINDOWS\system32\yayvtts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

R3 phil2vid;Appareil photo VGA USB Philips PCVC690;C:\WINDOWS\system32\DRIVERS\philcam2.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);C:\WINDOWS\system32\drivers\e10kx2k.sys
S3 hcdriver;EHCI;C:\WINDOWS\system32\Drivers\hcdriver.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-06 11:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-10 13:10:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-10 12:20:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 15:08:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 15:12:56 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-10 12:38
.
--- E O F ---

Reply to Marie30410

Hello again,

Copy (Ctrl+C) the text in the box below:

File::
C:\WINDOWS\system32\drvceb.dll
C:\WINDOWS\system32\yayvtts.dll
C:\WINDOWS\system32\drvnaf.dll
C:\WINDOWS\system32\urqnlml.dll
C:\WINDOWS\system32\fccywvs.dll.vir
C:\WINDOWS\system32\efccbbc.dll.vir

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B9ECF81-666D-4B07-A71C-CEDCBD50B4F4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4B9ECF81-666D-4B07-A71C-CEDCBD50B4F4}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvtts]



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.

Reply to Angeldark


Thanks for your reply.
I did as asked and here are the two reports. There was a reboot.

Combofix report.

ComboFix 07-10-10.1 - marie 2007-10-10 15:34:12.3 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.115 [GMT 2:00]
Running from: C:\Documents and Settings\marie.SHANIE\Mes documents\Mes t‚l‚chargements\Virus\ComboFix\ComboFix.exe
Command switches used :: C:\Documents and Settings\marie.SHANIE\Mes documents\Mes t‚l‚chargements\Virus\ComboFix\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\drvceb.dll
C:\WINDOWS\system32\drvnaf.dll
C:\WINDOWS\system32\efccbbc.dll.vir
C:\WINDOWS\system32\fccywvs.dll.vir
C:\WINDOWS\system32\urqnlml.dll
C:\WINDOWS\system32\yayvtts.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drvceb.dll
C:\WINDOWS\system32\drvnaf.dll
C:\WINDOWS\system32\efccbbc.dll.vir
C:\WINDOWS\system32\fccywvs.dll.vir
C:\WINDOWS\system32\urqnlml.dll
C:\WINDOWS\system32\yayvtts.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-10 to 2007-10-10 ))))))))))))))))))))))))))))))))))))
.

2007-10-10 12:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 11:26 <REP> d-------- C:\Program Files\Trend Micro
2007-10-10 09:12 <REP> d-------- C:\Documents and Settings\marie.SHANIE\Application Data\Uniblue
2007-10-10 02:35 <REP> d----c--- C:\VundoFix Backups
2007-10-09 20:44 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 18:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-09 17:00 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-10-08 19:03 <REP> d-------- C:\WINDOWS\avxoscan
2007-10-06 22:09 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-10-06 14:03 <REP> d-------- C:\Program Files\iTunes
2007-10-06 14:03 <REP> d-------- C:\Program Files\iPod
2007-09-30 19:53 <REP> d-------- C:\Program Files\Alien Skin
2007-09-28 23:46 <REP> d-------- C:\Program Files\CCleaner
2007-09-23 21:40 <REP> d-------- C:\Program Files\ToniArts
2007-09-23 20:43 <REP> d-------- C:\Documents and Settings\marie.SHANIE\Application Data\DivX
2007-09-23 13:24 <REP> d-------- C:\Program Files\DivX
2007-09-21 18:11 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
2007-09-21 18:10 <REP> d-------- C:\Program Files\Creative
2007-09-21 18:10 6,752 --a------ C:\WINDOWS\system32\PfModNT.sys
2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 20:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 20:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-09-12 01:14 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 08:54 --------- d-----w C:\Program Files\Magic Mail Monitor
2007-10-10 08:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-09 23:52 --------- d-----w C:\Documents and Settings\marie.SHANIE\Application Data\Skype
2007-10-06 20:09 --------- d-----w C:\Program Files\Skype
2007-10-06 20:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2007-10-06 11:42 --------- d-----w C:\Program Files\Apple Software Update
2007-10-04 11:08 --------- d-----w C:\Documents and Settings\marie.SHANIE\Application Data\Alien Skin
2007-09-23 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-17 09:23 --------- d-----w C:\Program Files\Jigs@w Platinum
2007-09-05 16:25 --------- d-----w C:\Documents and Settings\marie.SHANIE\Application Data\KompoZer
2007-09-02 22:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-08-16 12:18 --------- d-----w C:\Documents and Settings\marie.SHANIE\Application Data\Apple Computer
2007-08-15 22:33 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-08-15 22:33 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-08-15 22:33 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-08-15 13:18 --------- d-----w C:\Program Files\MSXML 6.0
2007-08-15 13:13 --------- d-----w C:\Program Files\BoontyGames
2007-08-15 12:10 12,464 ----a-w C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2007-08-15 12:10 --------- d-----w C:\Program Files\Mes Jeux Téléchargés
2007-08-15 12:10 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2007-08-15 12:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision
2007-08-15 12:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY
2007-08-14 22:14 --------- d-----w C:\Documents and Settings\marie.SHANIE\Application Data\GanymedeNet
2007-05-18 18:11 449 ----a-w C:\Program Files\DSEditeurHTML.ini
2007-05-18 18:03 8,857 ----a-w C:\Program Files\ST6UNST.LOG
2007-03-20 15:22 3,190,784 ----a-w C:\Program Files\DS-EditeurHTML.exe
2007-03-20 15:21 71,934 ----a-w C:\Program Files\DS-editeurHTML.htm
2007-03-20 15:21 2,043,065 ----a-w C:\Program Files\DSEDITEURHTML.HLP
2007-03-20 15:21 1,561 ----a-w C:\Program Files\FILE_ID.DIZ
2007-03-20 15:20 581 ----a-w C:\Program Files\DSEditeurHTML.cnt
2007-03-20 15:20 1,497 ----a-w C:\Program Files\LOGICIEL.TXT
2007-01-30 13:29 159,744 ----a-w C:\Program Files\Assist_Bouton_Banniere.exe
2007-01-27 06:03 323,584 ----a-w C:\Program Files\EditeurPHP.exe
2007-01-26 06:07 316 ----a-w C:\Program Files\AUTEUR.TXT
2007-01-16 13:54 48,640 ----a-w C:\Program Files\dhtmled.oca
2006-12-20 06:20 61,440 ----a-w C:\Program Files\ieframe.oca
2006-09-19 16:26 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-04-13 09:13 1,358,848 ----a-w C:\Program Files\mshtml.oca
2005-10-30 07:01 45,056 ----a-w C:\Program Files\Assist_HTML_TXT.exe
2005-03-27 08:03 49,152 ----a-w C:\Program Files\Assist_Calend.exe
2005-02-23 07:34 831,488 ----a-w C:\Program Files\Assist_Java.exe
2005-02-22 16:08 241,664 ----a-w C:\Program Files\Assist_AlbumPhotos.exe
2005-01-29 06:35 102,400 ----a-w C:\Program Files\Assist_Image.exe
2004-11-14 06:52 397,312 ----a-w C:\Program Files\Assist_PageCadre.exe
2004-11-13 06:55 73,728 ----a-w C:\Program Files\Assist_OptCode.exe
2004-11-13 06:52 69,632 ----a-w C:\Program Files\Assist_HTML2EXE.exe
2004-11-13 06:49 344,064 ----a-w C:\Program Files\Assist_Banniere.exe
2004-11-13 06:47 102,400 ----a-w C:\Program Files\Assist_Txt3DTexture.exe
2004-11-13 06:45 40,960 ----a-w C:\Program Files\Assist_Convert.exe
2004-11-08 08:19 315,392 ----a-w C:\Program Files\Assist_Texte3D.exe
2004-11-02 11:45 228 ----a-w C:\Program Files\defaut.dsh
2004-06-24 08:41 61,440 ----a-w C:\Program Files\HTMLEXE.dat
2004-03-06 07:15 81,920 ----a-w C:\Program Files\Assist_URL.exe
2004-03-01 15:35 108,652 ----a-w C:\Program Files\ExemplesScripts.zip
2003-09-22 07:45 45,056 ----a-w C:\Program Files\Assist_Format.exe
2003-08-31 07:27 94,208 ----a-w C:\Program Files\Assist_Tableau.exe
2003-08-11 13:30 34,463 ----a-w C:\Program Files\MusiqueScript.zip
2003-08-05 15:40 120,665 ----a-w C:\Program Files\Textures.zip
2003-06-22 07:11 634 ----a-w C:\Program Files\ExempleMenu.mnu
2002-09-16 07:47 101,002 ----a-w C:\Program Files\INDEXHTML.HLP
2002-09-16 07:37 428 ----a-w C:\Program Files\IndexHTML.cnt
2002-09-04 11:19 277,480 ----a-w C:\Program Files\HTML4.zip
2002-08-16 04:37 3,397 ----a-w C:\Program Files\ExCadre.zip
2002-08-12 12:37 259 ----a-w C:\Program Files\StyleCSS.css
2000-10-11 11:11 121,562 ----a-w C:\Program Files\PicFormat32.dll
2000-05-17 06:52 187,392 ----a-w C:\Program Files\JPGUtils.dll
1999-07-31 13:31 5,372 ----a-w C:\Program Files\sinedots.txt
1999-07-31 13:28 45,056 ----a-w C:\Program Files\sinedots.8bf
1999-07-15 18:37 24,576 ----a-w C:\Program Files\AssignPath.exe
1999-07-13 23:44 861 ----a-w C:\Program Files\sinedots.cfg
2006-10-23 11:25:51 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2006-10-12 09:17:09 56 --sh--r C:\WINDOWS\system32\932ABB3B60.sys
2006-10-12 09:17:09 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-10-17 04:31]
"nwiz"="nwiz.exe" [2005-10-17 04:31 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-10-17 04:31]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 C:\WINDOWS\soundman.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-22 09:00]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-30 13:20]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11]
"zzzHPSETUP"="D:\Setup.exe" []
"Install5G"="D:\Install.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Architect"="C:\Program Files\Desktop Architect\datray.exe" [2000-06-11 21:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvtts]
yayvtts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"


.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-06 11:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-10 13:45:40 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-10 13:20:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 15:43:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 15:47:41 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-10 15:12
C:\ComboFix3.txt ... 2007-10-10 12:38
.
--- E O F ---



HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:58, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Desktop Architect\datray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Magic Mail Monitor\Magic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Install5G] D:\Install.exe /SI=40
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Raccourci vers Magic.lnk = C:\Program Files\Magic Mail Monitor\Magic.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Translate Page - http://www.geocities.com/mockba80/translate1.0.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 8687665889
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/ [...] cfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yayvtts - yayvtts.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8881 bytes




Reply to Marie30410

For the moment my AVG no longer activates.

I suppose the following lines need to be removed:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: yayvtts - yayvtts.dll (file missing)

But I'm waiting for your reply before doing it.

Thanks

Reply to Marie30410

OK ... I'll do that !!!

I'm running a scan with AVG AS. May I post the report?

Reply to Marie30410

Here is the latest HijackThis report after removing lines O2 and O20.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:17, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Desktop Architect\datray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Install5G] D:\Install.exe /SI=40
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Raccourci vers Magic.lnk = C:\Program Files\Magic Mail Monitor\Magic.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Translate Page - http://www.geocities.com/mockba80/translate1.0.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 8687665889
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/ [...] cfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8674 bytes

I'm running my scan and will post the result.

Thanks again for this step. :)

Reply to Marie30410
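As an added example (not part of the original thread and not a HijackThis feature), the Python script below parses HijackThis lines, lists the entries HijackThis marked `(no file)` or `(file missing)`, and diffs the log taken before the fix against the one taken after it to confirm that the O2 and O20 lines are gone. The excerpts are a few lines copied from the two logs above; the function and variable names are hypothetical.

```python
import re
from typing import NamedTuple

# Excerpts built from lines of the two HijackThis logs posted in this thread
# (before and after fixing the O2 and O20 entries). Not the full logs.
BEFORE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: yayvtts - yayvtts.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

AFTER = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R3", "O2", "O20"
    body: str     # everything after "<code> - "


# Entry lines look like "<letter><number> - <description>"; header lines,
# the "Running processes" list and blank lines do not match and are skipped.
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Markers HijackThis appends when it could not find the entry's target file.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")


def parse_log(text):
    """Return the registry/autostart entries of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if ORPHAN_RE.search(e.body)]


def compare(before_text, after_text):
    """Diff two logs: what disappeared, what appeared, which orphans remain."""
    before, after = parse_log(before_text), parse_log(after_text)
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
        "orphans_left": orphaned(after),
    }


if __name__ == "__main__":
    report = compare(BEFORE, AFTER)
    for label, entries in report.items():
        print(label)
        for e in entries:
            print(f"  {e.section} - {e.body}")
```

On these excerpts the diff reports the O2 `(no file)` BHO and the O20 `yayvtts.dll` Winlogon Notify entry as removed, nothing added, and the R3 URLSearchHook entry as the one `(no file)` line still present in the later log.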

Any other problems?


Message edited by Angeldark on 10-10-2007 at 17:17:15
------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

No other problems for now. I hope everything is gone.
As soon as the scan with AVG AS is finished I'll post.
Thanks again for your invaluable help. :)

Reply to Marie30410

If I may impose on your help a little more, I have one more question.

Yesterday I had an error message at Windows startup. The error message said:

Erreur de chargement de C:\WINDOWS\system32\drvbel.dll ... Module spécifie introuvable.

This DLL was stopped by AVG AV and stored in the Virus Vault.
Since the procedure done with Combofix and the CFScript file ... the error message has disappeared.

Was it related to Vundo?

Reply to Marie30410

The scan with AVG AS is finished.

Report ---> No problems to report.
--------------------------------------

Thanks again to you and for the help you all provide on this forum.
There is a lot of literature on the Internet, but it is not always appropriate to the problem one has on one's PC.
It is good to know that one will find an effective solution to a particular case that one cannot solve alone.
That is what happened to me.

Thanks :)

Reply to Marie30410