Hello,
I followed the procedure described by geokiller to get rid of this fake codec.
After restarting the machine everything seems OK; the icon at the bottom right is no longer there.
Attached are my two reports, HijackThis and AVG.
Is the problem solved, or do I still need to do something else?
Thanks to all.
AntiVir PersonalEdition Classic
Report file date: samedi 14 octobre 2006 23:35
Scanning for 527100 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Marinal
Computer name: UTILISAT-1BCC57
Version information:
AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 10:06:56
AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 10:56:33
LUKE.DLL : 7.0.0.47 118824 07/09/2006 10:32:33
LUKERES.DLL : 7.0.0.47 9256 07/09/2006 10:56:33
ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 10:35:27
ANTIVIR1.VDF : 6.36.0.89 1745920 02/10/2006 20:44:45
ANTIVIR2.VDF : 6.36.0.101 78336 09/10/2006 20:44:45
ANTIVIR3.VDF : 6.36.0.124 54272 14/10/2006 20:44:45
AVEWIN32.DLL : 7.2.0.30 1872384 14/10/2006 20:44:45
AVPREF.DLL : 7.0.0.2 23592 24/07/2006 12:36:04
AVREP.DLL : 6.36.0.79 843816 14/10/2006 20:44:45
AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 08:43:31
AVPACK32.DLL : 7.2.0.0 368680 21/07/2006 06:00:28
AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36
NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:49
NETNW.DLL : 7.0.0.0 9768 24/07/2006 12:35:55
RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 11:22:57
RCTEXT.DLL : 7.0.1.4 77864 14/10/2006 20:44:43
Configuration settings for the scan:
Jobname.......................: Manual Selection
Configuration file............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Boot sectors..................: C,D
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 1
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Skipped archive types.........: 1000,1001,1002,1003,1004,1005,
Macro heuristic...............: 1
File heuristic................: 2
Primary action................: 1
Secondary action..............: 0
Start of the scan: samedi 14 octobre 2006 23:35
The scan of running processes will be started
4 Processes were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( 16 files ).
Starting the file scan:
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
[WARNING] The file could not be opened!
C:\Documents and Settings\Marinal\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\Marinal\NTUSER.DAT.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Marinal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\Marinal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Program Files\HQVideoCodec\pmmon.exe
[DETECTION] Contains signature of the SPR/Monitor.B.2 program
[iNFO] The file was moved to '459e5a06.qua'!
C:\WINDOWS\system32\tazth.dll
[DETECTION] Is the Trojan horse TR/Renos.F
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00fd55b5b808d99c3be231b9fbe49ec8_d5907749-c3ea-4c96-b1f1-00f9a99e12ae
[WARNING] The file could not be opened!
D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\331a772661f3b9a5b0942dc44bec8a3d_d5907749-c3ea-4c96-b1f1-00f9a99e12ae
[WARNING] The file could not be opened!
D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_d5907749-c3ea-4c96-b1f1-00f9a99e12ae
[WARNING] The file could not be opened!
D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
[WARNING] The file could not be opened!
D:\Program Files\Video iCodec\uninst.exe
[DETECTION] Is the Trojan horse TR/Drop.Zlob.agf
[iNFO] The file was moved to '459a6e27.qua'!
D:\WINDOWS\$NtUninstallKB824141$\sysmain.sdb
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB824141$\user32.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB824141$\win32k.sys
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\ole32.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB833987$\sxs.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\browser.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\h323.tsp
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB839645$\shell32.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\guitrn.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\guitrn_a.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\migapp.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\migwiz.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\migwiz_a.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\script.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\script_a.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\sysmod.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\sysmod_a.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ308210$\rdchost.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ308210$\sessmgr.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ308210$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ308210$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ309521$\dxmasf.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ310437$\ups.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ310437$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ310437$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ311542$\pci.sys
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ311542$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ311542$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\netsetup.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\upnp.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ318966$\spuninst\Q318966.log
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00003
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00005
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00008
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00009
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00010
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00011
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ328940$\reg00003
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx.000
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll
[WARNING] The file could not be opened!
D:\WINDOWS\system32\yiru.exe
[DETECTION] Contains signature of the worm WORM/IRCBot.140648
[iNFO] The file was moved to '45a3df12.qua'!
End of the scan: dimanche 15 octobre 2006 09:13
Used time: 9:37:23 min
The scan has been done completely.
8060 Scanning directories
492776 Files were scanned
4 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2303 Archives were scanned
112 Warnings
14 Notes
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 23:24:32, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Marinal\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe
C:\Program Files\HijackThis\fredo.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\HQVideoCodec\iesplugin.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C57C6620-B324-41F3-A21C-9A22E4F2B2C6}: NameServer = 84.103.237.140 86.64.145.140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe