Posts by FRED 31
Hello FRED 31 and welcome to zebulon
Hello Yannick™
Before doing what Yannick™ wrote:
1/ Download http://siri.urz.free.fr/Fix/SmitfraudFix.zip
2/ Unzip the entire archive onto your desktop.
Double-click smitfraudfix.cmd
Select 1 in the menu to create a report of the files responsible for the infection.
Save this report and post it.
See you later
Thanks bruce, thanks Yannick. Attached is the SmitfraudFix report:
SmitFraudFix v2.109
Rapport fait à 20:37:59,39, 15/10/2006
Executé à partir de C:\Documents and Settings\Marinal\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Marinal
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Marinal\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Marinal\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"="gaonic"
[HKEY_CLASSES_ROOT\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
-
Hello,
I followed the procedure described by geokiller to get rid of this fake codec.
After restarting the machine everything seems OK; the icon at the bottom right is no longer there.
Attached are my two reports, HijackThis and AVG.
Is the problem solved, or do I still need to do another step?
Thanks to everyone.
AntiVir PersonalEdition Classic
Report file date: samedi 14 octobre 2006 23:35
Scanning for 527100 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Marinal
Computer name: UTILISAT-1BCC57
Version information:
AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 10:06:56
AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 10:56:33
LUKE.DLL : 7.0.0.47 118824 07/09/2006 10:32:33
LUKERES.DLL : 7.0.0.47 9256 07/09/2006 10:56:33
ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 10:35:27
ANTIVIR1.VDF : 6.36.0.89 1745920 02/10/2006 20:44:45
ANTIVIR2.VDF : 6.36.0.101 78336 09/10/2006 20:44:45
ANTIVIR3.VDF : 6.36.0.124 54272 14/10/2006 20:44:45
AVEWIN32.DLL : 7.2.0.30 1872384 14/10/2006 20:44:45
AVPREF.DLL : 7.0.0.2 23592 24/07/2006 12:36:04
AVREP.DLL : 6.36.0.79 843816 14/10/2006 20:44:45
AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 08:43:31
AVPACK32.DLL : 7.2.0.0 368680 21/07/2006 06:00:28
AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36
NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:49
NETNW.DLL : 7.0.0.0 9768 24/07/2006 12:35:55
RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 11:22:57
RCTEXT.DLL : 7.0.1.4 77864 14/10/2006 20:44:43
Configuration settings for the scan:
Jobname.......................: Manual Selection
Configuration file............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Boot sectors..................: C,D
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 1
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Skipped archive types.........: 1000,1001,1002,1003,1004,1005,
Macro heuristic...............: 1
File heuristic................: 2
Primary action................: 1
Secondary action..............: 0
Start of the scan: samedi 14 octobre 2006 23:35
The scan of running processes will be started
4 Processes were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( 16 files ).
Starting the file scan:
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
[WARNING] The file could not be opened!
C:\Documents and Settings\Marinal\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\Marinal\NTUSER.DAT.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Marinal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\Marinal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Program Files\HQVideoCodec\pmmon.exe
[DETECTION] Contains signature of the SPR/Monitor.B.2 program
[iNFO] The file was moved to '459e5a06.qua'!
C:\WINDOWS\system32\tazth.dll
[DETECTION] Is the Trojan horse TR/Renos.F
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00fd55b5b808d99c3be231b9fbe49ec8_d5907749-c3ea-4c96-b1f1-00f9a99e12ae
[WARNING] The file could not be opened!
D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\331a772661f3b9a5b0942dc44bec8a3d_d5907749-c3ea-4c96-b1f1-00f9a99e12ae
[WARNING] The file could not be opened!
D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_d5907749-c3ea-4c96-b1f1-00f9a99e12ae
[WARNING] The file could not be opened!
D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
[WARNING] The file could not be opened!
D:\Program Files\Video iCodec\uninst.exe
[DETECTION] Is the Trojan horse TR/Drop.Zlob.agf
[iNFO] The file was moved to '459a6e27.qua'!
D:\WINDOWS\$NtUninstallKB824141$\sysmain.sdb
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB824141$\user32.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB824141$\win32k.sys
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\ole32.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB833987$\sxs.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\browser.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\h323.tsp
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallKB839645$\shell32.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\guitrn.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\guitrn_a.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\migapp.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\migwiz.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\migwiz_a.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\script.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\script_a.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\sysmod.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\sysmod_a.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ307869$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ308210$\rdchost.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ308210$\sessmgr.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ308210$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ308210$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ309521$\dxmasf.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ310437$\ups.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ310437$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ310437$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ311542$\pci.sys
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ311542$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ311542$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\netsetup.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\upnp.dll
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.inf
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ318966$\spuninst\Q318966.log
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00003
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00005
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00008
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00009
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00010
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ323172$\reg00011
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ328940$\reg00003
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx.000
[WARNING] The file could not be opened!
D:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll
[WARNING] The file could not be opened!
D:\WINDOWS\system32\yiru.exe
[DETECTION] Contains signature of the worm WORM/IRCBot.140648
[iNFO] The file was moved to '45a3df12.qua'!
End of the scan: dimanche 15 octobre 2006 09:13
Used time: 9:37:23 min
The scan has been done completely.
8060 Scanning directories
492776 Files were scanned
4 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2303 Archives were scanned
112 Warnings
14 Notes
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 23:24:32, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Marinal\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe
C:\Program Files\HijackThis\fredo.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\HQVideoCodec\iesplugin.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C57C6620-B324-41F3-A21C-9A22E4F2B2C6}: NameServer = 84.103.237.140 86.64.145.140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

VIRUS BURST
in Malware analysis and removal
Thanks for your help, bruce!
Attached are the 2 reports run this afternoon; is it better?
I'm heading back to work (swimming pools to sell!!!)
Logfile of HijackThis v1.99.1
Scan saved at 15:33:09, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\fredo.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
SmitFraudFix v2.91
Rapport fait à 15:24:17,09, 17/10/2006
Executé à partir de C:\Documents and Settings\Marinal\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"="gaonic"
[HKEY_CLASSES_ROOT\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"="gaonic"
[HKEY_CLASSES_ROOT\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Fin