
Posted

Hi Regis

and there, it's done :P

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Thursday, September 14, 2006 7:36:36 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 14/09/2006

Kaspersky Anti-Virus database records: 210334

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

K:\

L:\

 

Scan Statistics:

Total number of scanned objects: 142641

Number of viruses found: 4

Number of infected objects: 13 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:44:18

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3fd20a676afddc079bee95e6afcc5e9f_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cffe90875432d6d1e274c1c6bc09865_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\88ce334c3cc67ce99df2b089e83f3259_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0baf4d2dde0c64df199794230129e1c_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bef6ec93e2a98f3b5cb3b0e4b9ca73fd_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf9a7481e236a90bca2d9d464552518b_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\FOUND.003\FILE0055.CHK Infected: Backdoor.Win32.Hupigon.bxb skipped

E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

E:\Documents and Settings\François\Cookies\index.dat Object is locked skipped

E:\Documents and Settings\François\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\François\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\François\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\François\Local Settings\Historique\History.IE5\MSHist012006091420060915\index.dat Object is locked skipped

E:\Documents and Settings\François\Local Settings\Temp\~DFB1D9.tmp Object is locked skipped

E:\Documents and Settings\François\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\François\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\François\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\François\UserData\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\BWDocMap.pht Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\BWInfopakMap.pht Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\chandir.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\chandir.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\chn.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\chn.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\D0000000.FCS Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\inuse.txt Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\L0000009.FCS Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\main.log Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_die.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_die.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_dnd.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_dnd.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_ext.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_ext.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_rcv.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_rcv.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\storydb.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\storydb.idx Object is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{1F2D333E-EF67-4F44-814E-E46489AF0BDC}\RP4\change.log Object is locked skipped

E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

E:\WINDOWS\SchedLgU.Txt Object is locked skipped

E:\WINDOWS\SoftwareDistribution\EventCache\{616E569D-DD0C-4EB4-BF9B-8DA16E5EC449}.bin Object is locked skipped

E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

E:\WINDOWS\Sti_Trace.log Object is locked skipped

E:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

E:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped

E:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

E:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\default Object is locked skipped

E:\WINDOWS\system32\config\default.LOG Object is locked skipped

E:\WINDOWS\system32\config\SAM Object is locked skipped

E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\SECURITY Object is locked skipped

E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

E:\WINDOWS\system32\config\software Object is locked skipped

E:\WINDOWS\system32\config\software.LOG Object is locked skipped

E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\system Object is locked skipped

E:\WINDOWS\system32\config\system.LOG Object is locked skipped

E:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

E:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

E:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

E:\WINDOWS\system32\drivers\sptd8141.sys Object is locked skipped

E:\WINDOWS\system32\h323log.txt Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

E:\WINDOWS\Temp\Perflib_Perfdata_6ac.dat Object is locked skipped

E:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

E:\WINDOWS\wiadebug.log Object is locked skipped

E:\WINDOWS\wiaservc.log Object is locked skipped

E:\WINDOWS\WindowsUpdate.log Object is locked skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream/data0006 Infected: Trojan.Win32.Krepper.ag skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream/data0007/data0002 Infected: Trojan-Downloader.Win32.IstBar.er skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream/data0007 Infected: Trojan-Downloader.Win32.IstBar.er skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream Infected: Trojan-Downloader.Win32.IstBar.er skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe NSIS: infected - 4 skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

L:\disque c\Mes documents\ÉLÉMEN~1.DBX/[From =?iso-8859-1?Q?Fran=E7ois_Semet?= <fr.semet@infonie.be>][Date Wed, 23 Jun 1999 20:28:34 +0200]/UNNAMED/Att1.exe Infected: not-virus:BadJoke.Win32.Boredom skipped

L:\disque c\Mes documents\ÉLÉMEN~1.DBX/[From =?iso-8859-1?Q?Fran=E7ois_Semet?= <fr.semet@infonie.be>][Date Wed, 23 Jun 1999 20:28:34 +0200]/UNNAMED Infected: not-virus:BadJoke.Win32.Boredom skipped

L:\disque c\Mes documents\ÉLÉMEN~1.DBX/[From =?iso-8859-1?Q?Fran=E7ois_Semet?= <fr.semet@infonie.be>][Date Sun, 27 Jun 1999 22:36:31 +0200]/UNNAMED/Att1.exe Infected: not-virus:BadJoke.Win32.Boredom skipped

L:\disque c\Mes documents\ÉLÉMEN~1.DBX/[From =?iso-8859-1?Q?Fran=E7ois_Semet?= <fr.semet@infonie.be>][Date Sun, 27 Jun 1999 22:36:31 +0200]/UNNAMED Infected: not-virus:BadJoke.Win32.Boredom skipped

L:\disque c\Mes documents\ÉLÉMEN~1.DBX/[From =?iso-8859-1?Q?Fran=E7ois_Semet?= <fr.semet@infonie.be>][Date Sun, 27 Jun 1999 22:38:31 +0200]/UNNAMED/Att1.exe Infected: not-virus:BadJoke.Win32.Boredom skipped

L:\disque c\Mes documents\ÉLÉMEN~1.DBX/[From =?iso-8859-1?Q?Fran=E7ois_Semet?= <fr.semet@infonie.be>][Date Sun, 27 Jun 1999 22:38:31 +0200]/UNNAMED Infected: not-virus:BadJoke.Win32.Boredom skipped

L:\disque c\Mes documents\ÉLÉMEN~1.DBX Mail MS Outlook 5: infected - 6 skipped

 

Scan process completed.

Posted

Hello udolfo!

No, I'm sorry, but the file is still there!

And one more

Delete these two files:

D:\FOUND.003\FILE0055.CHK

L:\disque c\Mes documents\ÉLÉMEN~1.DBX

If you can't manage it, do it in Safe Mode!

Then do this

-Create a restore point and delete the old ones!: (visual aid http://assiste.free.fr/p/comment/comment_a...tauration.html)

Right-click the My Computer icon, then click Properties.

Click the "System Restore" tab.

Select "Turn off System Restore" or "Turn off System Restore on all drives"

Click Apply.

As the message says, this will delete all existing restore points. To do so, click Yes.

Click OK, restart the PC. Do the reverse operation and re-enable System Restore: a new point will be created automatically.

See you.

  • 2 weeks later...
Posted

Hello Regis,

That's done,

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Saturday, September 23, 2006 1:54:10 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 23/09/2006

Kaspersky Anti-Virus database records: 212743

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\

K:\

L:\

N:\

O:\

P:\

 

Scan Statistics:

Total number of scanned objects: 144000

Number of viruses found: 3

Number of infected objects: 6 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:26:46

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3fd20a676afddc079bee95e6afcc5e9f_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cffe90875432d6d1e274c1c6bc09865_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\88ce334c3cc67ce99df2b089e83f3259_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0baf4d2dde0c64df199794230129e1c_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bef6ec93e2a98f3b5cb3b0e4b9ca73fd_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf9a7481e236a90bca2d9d464552518b_9a40dc41-ada2-45f9-9f83-48bf24e6c450 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

E:\Documents and Settings\François\Cookies\index.dat Object is locked skipped

E:\Documents and Settings\François\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\François\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\François\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\François\Local Settings\Historique\History.IE5\MSHist012006092320060924\index.dat Object is locked skipped

E:\Documents and Settings\François\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\François\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\François\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

E:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\BWDocMap.pht Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\BWInfopakMap.pht Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\chandir.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\chandir.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\chn.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\chn.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\D0000000.FCS Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\inuse.txt Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\L0000009.FCS Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\main.log Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_die.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_die.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_dnd.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_dnd.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_ext.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_ext.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_rcv.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\prs_rcv.idx Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\storydb.dat Object is locked skipped

E:\Program Files\Logitech\Desktop Messenger\8876480\Users\François\Data\storydb.idx Object is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{1F2D333E-EF67-4F44-814E-E46489AF0BDC}\RP1\change.log Object is locked skipped

E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

E:\WINDOWS\SchedLgU.Txt Object is locked skipped

E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

E:\WINDOWS\Sti_Trace.log Object is locked skipped

E:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\default Object is locked skipped

E:\WINDOWS\system32\config\default.LOG Object is locked skipped

E:\WINDOWS\system32\config\SAM Object is locked skipped

E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\SECURITY Object is locked skipped

E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

E:\WINDOWS\system32\config\software Object is locked skipped

E:\WINDOWS\system32\config\software.LOG Object is locked skipped

E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\system Object is locked skipped

E:\WINDOWS\system32\config\system.LOG Object is locked skipped

E:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

E:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

E:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

E:\WINDOWS\system32\drivers\sptd8141.sys Object is locked skipped

E:\WINDOWS\system32\gimwrpmq.dll Infected: Trojan.Win32.BHO.g skipped

E:\WINDOWS\system32\h323log.txt Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

E:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat Object is locked skipped

E:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

E:\WINDOWS\wiadebug.log Object is locked skipped

E:\WINDOWS\wiaservc.log Object is locked skipped

E:\WINDOWS\WindowsUpdate.log Object is locked skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream/data0006 Infected: Trojan.Win32.Krepper.ag skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream/data0007/data0002 Infected: Trojan-Downloader.Win32.IstBar.er skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream/data0007 Infected: Trojan-Downloader.Win32.IstBar.er skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream Infected: Trojan-Downloader.Win32.IstBar.er skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe NSIS: infected - 4 skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

Scan process completed.

Posted

Hello udolfo!

Have this file analysed:

E:\WINDOWS\system32\gimwrpmq.dll

Make sure you have access to all files; some files/folders are hidden!!

Start, My Computer or any other folder, Tools menu, Folder Options, View tab:

Enable the option: Show hidden files and folders

Disable the option: Hide extensions for known file types

Disable the option: Hide protected operating system files

Then click "Apply to All Folders"

Submit the file in bold here =>

1- http://virusscan.jotti.org/

2- http://www.virustotal.com/flash/index_en.html

When you click on these two addresses, you have a box named "Browse"; click on it and a window opens => browse your hard drive

Look for the file in question

Click once on the file (it turns blue!), then click "Open" at the bottom of the window, then "submit" for Jotti's virusscan and "send" for VirusTotal.

The scan of this file will start.

All that's left is to select and copy/paste the analysis. You may receive this message =>

"Server is extremely busy at the moment. Please try again later." In which case you have to try again later!

Post both reports.

See you.

Posted

Hi Régis,

here are the 2 reports

Virus total

Complete scanning result of "gimwrpmq.dll", received in VirusTotal at 09.24.2006, 15:50:20 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.18 09.24.2006 TR/BHO.G

Authentium 4.93.8 09.23.2006 no virus found

Avast 4.7.844.0 09.22.2006 no virus found

AVG 386 09.22.2006 no virus found

BitDefender 7.2 09.24.2006 no virus found

CAT-QuickHeal 8.00 09.22.2006 no virus found

ClamAV devel-20060426 09.24.2006 no virus found

DrWeb 4.33 09.22.2006 Adware.Duncan

eTrust-InoculateIT 23.73.4 09.24.2006 no virus found

eTrust-Vet 30.3.3093 09.22.2006 no virus found

Ewido 4.0 09.24.2006 Trojan.BHO.g

Fortinet 2.82.0.0 09.24.2006 W32/BHO.G!tr

F-Prot 3.16f 09.23.2006 no virus found

F-Prot4 4.2.1.29 09.23.2006 no virus found

Ikarus 0.2.65.0 09.23.2006 no virus found

Kaspersky 4.0.2.24 09.24.2006 Trojan.Win32.BHO.g

McAfee 4858 09.22.2006 Vundo

Microsoft 1.1560 09.24.2006 no virus found

NOD32v2 1.1771 09.23.2006 no virus found

Norman 5.90.23 09.22.2006 W32/Vundo.gen1

Panda 9.0.0.4 09.24.2006 no virus found

Sophos 4.09.0 09.24.2006 no virus found

Symantec 8.0 09.24.2006 Trojan.Vundo

TheHacker 6.0.1.078 09.24.2006 Trojan/BHO.g

UNA 1.83 09.22.2006 Trojan.Win32.BHO.6BDC

VBA32 3.11.1 09.24.2006 no virus found

VirusBuster 4.3.7:9 09.24.2006 no virus found

 

 

Online malware

 

Service load:

0% 100%

File: gimwrpmq.dll

Status:

INFECTED/MALWARE

MD5 58a95425fbc2575043c3ca4f7600db55

Packers detected:

-

Scanner results

AntiVir

Found Trojan/BHO.G

ArcaVir

Found Adware.Vundo.A2

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

Dr.Web

Found Adware.Duncan

F-Prot Antivirus

Found nothing

Fortinet

Found W32/BHO.G!tr

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found W32/Vundo.gen1

UNA

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

Doesn't look great, all this!!

Posted (edited)

RE

Yep!

Please do the following

-Create a restore point and delete the old ones!: (visual aid http://assiste.free.fr/p/comment/comment_a...tauration.html)

Right-click the My Computer icon, then click Properties.

Click the "System Restore" tab.

Select "Turn off System Restore" or "Turn off System Restore on all drives"

Click Apply.

As the message says, this will delete all existing restore points. To do so, click Yes.

Click OK, restart the PC. Do the reverse operation and re-enable System Restore: a new point will be created automatically.

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt along with a new HijackThis! log in your next reply

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

And please run a Kaspersky scan again

See you.

Edited by regis56
Posted

Hi Regis

Here are all the reports

 

 

VundoFix V6.1.6

 

Checking Java version...

 

Java version is 1.5.0.6

 

Scan started at 17:25:31 25/09/2006

 

Listing files found while scanning....

 

E:\WINDOWS\system32\gebyy.dll

E:\WINDOWS\system32\yybeg.ini

E:\WINDOWS\system32\yybeg.bak1

E:\WINDOWS\system32\yybeg.bak2

E:\WINDOWS\system32\yybeg.ini2

E:\WINDOWS\system32\yybeg.tmp

E:\WINDOWS\system32\gimwrpmq.dll

 

Beginning removal...

 

Attempting to delete E:\WINDOWS\system32\gebyy.dll

E:\WINDOWS\system32\gebyy.dll Could not be deleted.

 

Attempting to delete E:\WINDOWS\system32\yybeg.ini

E:\WINDOWS\system32\yybeg.ini Has been deleted!

 

Attempting to delete E:\WINDOWS\system32\yybeg.bak1

E:\WINDOWS\system32\yybeg.bak1 Has been deleted!

 

Attempting to delete E:\WINDOWS\system32\yybeg.bak2

E:\WINDOWS\system32\yybeg.bak2 Has been deleted!

 

Attempting to delete E:\WINDOWS\system32\yybeg.ini2

E:\WINDOWS\system32\yybeg.ini2 Has been deleted!

 

Attempting to delete E:\WINDOWS\system32\yybeg.tmp

E:\WINDOWS\system32\yybeg.tmp Has been deleted!

 

Attempting to delete E:\WINDOWS\system32\gimwrpmq.dll

E:\WINDOWS\system32\gimwrpmq.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.1.6

 

Checking Java version...

 

Java version is 1.5.0.6

 

Scan started at 17:30:10 25/09/2006

 

Listing files found while scanning....

 

E:\WINDOWS\system32\gebyy.dll

 

Beginning removal...

 

Attempting to delete E:\WINDOWS\system32\gebyy.dll

E:\WINDOWS\system32\gebyy.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

Scan saved at 17:35:06, on 25/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

c:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

E:\Program Files\Alwil Software\Avast4\ashServ.exe

E:\Program Files\Logitech\SetPoint\SetPoint.exe

E:\Program Files\ewido anti-spyware 4.0\guard.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\WINDOWS\system32\oodag.exe

E:\WINDOWS\system32\svchost.exe

E:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

E:\Program Files\Alwil Software\Avast4\ashWebSv.exe

E:\WINDOWS\System32\svchost.exe

E:\Documents and Settings\François\Bureau\Rep infection\hijackthis\HijackThis.exe

E:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - E:\WINDOWS\system32\gimwrpmq.dll (file missing)

O2 - BHO: (no name) - {CFAD7F8C-5491-48A1-A160-6AF2F6E8219A} - E:\WINDOWS\system32\gebyy.dll (file missing)

O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - E:\Program Files\VSToolbar\VSToolBar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: bw+0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {268AEAE2-8C31-4939-8DB6-54137E039094} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)

O20 - Winlogon Notify: Zboard - E:\WINDOWS\SYSTEM32\Winlognotif.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - E:\WINDOWS\system32\oodag.exe

 

 

 

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, September 25, 2006 6:41:02 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 25/09/2006

Kaspersky Anti-Virus database records: 213196

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

K:\

L:\

 

Scan Statistics:

Total number of scanned objects: 138649

Number of viruses found: 1

Number of infected objects: 2 / 0

Number of suspicious objects: 0

Duration of the scan process: 00:59:32

 

Infected Object Name / Virus Name / Last Action


E:\System Volume Information\_restore{1F2D333E-EF67-4F44-814E-E46489AF0BDC}\RP1\A0000002.dll Infected: Trojan.Win32.BHO.g skipped

E:\System Volume Information\_restore{1F2D333E-EF67-4F44-814E-E46489AF0BDC}\RP1\change.log Object is locked skipped

E:\VundoFix Backups\gimwrpmq.dll.bad Infected: Trojan.Win32.BHO.g skipped


 

Scan process completed.

 

 

 

Thanks

See you

Posted

Hello udolfo!

Good!

Here is what you need to do now:

Run HijackThis (Scan only, or Scanner seulement), and check the following lines if present:


O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - E:\WINDOWS\system32\gimwrpmq.dll (file missing)

O2 - BHO: (no name) - {CFAD7F8C-5491-48A1-A160-6AF2F6E8219A} - E:\WINDOWS\system32\gebyy.dll (file missing)

O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)

 

 

Close all programs and browsers, then click Fix Checked

Next

E:\VundoFix Backups\ <= Empty this folder!

Repeat the operation below:

-Create a restore point and delete the old ones!: (visual guide http://assiste.free.fr/p/comment/comment_a...tauration.html)

Right-click the My Computer icon, then click Properties.

Click the «System Restore» tab.

Select «Turn off System Restore» or «Turn off System Restore on all drives»

Click Apply.

As the message says, this will delete all existing restore points. To do so, click Yes.

Click OK, then restart the PC. Do the reverse operation and re-enable System Restore: a new restore point will be created automatically.

And run an online scan again

See you.

Posted

Yo

There you go

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Saturday, September 30, 2006 3:22:14 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 30/09/2006

Kaspersky Anti-Virus database records: 214493

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

K:\

L:\

 

Scan Statistics:

Total number of scanned objects: 145679

Number of viruses found: 3

Number of infected objects: 6 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:14:20

 

Infected Object Name / Virus Name / Last Action

E:\WINDOWS\system32\ltwakrmw.dll Infected: Packed.Win32.Klone.k skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream/data0006 Infected: Trojan.Win32.Krepper.ag skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream/data0007/data0002 Infected: Trojan-Downloader.Win32.IstBar.er skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream/data0007 Infected: Trojan-Downloader.Win32.IstBar.er skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream Infected: Trojan-Downloader.Win32.IstBar.er skipped

F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe NSIS: infected - 4 skipped

 

Scan process completed.

 

 

A++

Posted

Hello udolfo!

Here is what you are going to do, please.

Now you need to unregister a DLL.

Start, Run, and type (or copy/paste): regsvr32 /u E:\WINDOWS\system32\ltwakrmw.dll

and confirm with OK.

Then do this:

Click Start / Run

Copy/paste

Enter the path shown in red: E:\WINDOWS\system32\

The folder will open.

Delete the file shown in bold, if present:

ltwakrmw.dll (right-click / Delete)

If you can't delete it, do it in Safe Mode!

Then do this again:

- Create a restore point and delete the old ones! (visual guide: http://assiste.free.fr/p/comment/comment_a...tauration.html)

Right-click the My Computer icon, then click Properties.

Click the "System Restore" tab.

Select "Turn off System Restore" or "Turn off System Restore on all drives".

Click Apply.

As the message says, this will delete all existing restore points. To do so, click Yes.

Click OK, then restart the PC. Do the reverse and re-enable System Restore: a new restore point will be created automatically.

Then run another online scan.

See you.
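The triage that the advice above rests on, as an added example that is not part of any post in this thread: it reads report lines in the format quoted above, drops the "Object is locked" noise, and separates detections in live files (manual removal) from copies stored in System Restore points (gone once the restore points are purged). The names `triage`, `INFECTED` and `RESTORE` are hypothetical, and the line format is inferred from the report lines shown in this thread.

```python
import re

# Sample lines taken from the scan report quoted in this thread.
SAMPLE_REPORT = r"""
E:\WINDOWS\system32\h323log.txt Object is locked skipped
E:\WINDOWS\system32\ltwakrmw.dll Infected: Packed.Win32.Klone.k skipped
F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream/data0006 Infected: Trojan.Win32.Krepper.ag skipped
F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe/stream Infected: Trojan-Downloader.Win32.IstBar.er skipped
F:\System Volume Information\_restore{AB4E6112-4A8C-4DE1-9F3C-BA8A15188F42}\RP338\A0070105.exe NSIS: infected - 4 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
"""

# "<path> Infected: <detection name> <last action>" (format assumed from the report).
# Container summary lines such as "NSIS: infected - 4" do not match and are ignored.
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")

# Windows XP System Restore storage: <drive>\System Volume Information\_restore{GUID}\RPn\
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I
)


def triage(report):
    """Group detections by on-disk file, split into live files and restore-point copies."""
    result = {"live": {}, "restore_point": {}}
    for line in report.splitlines():
        m = INFECTED.match(line.strip())
        if not m:
            continue  # locked/skipped objects and summary lines carry no detection
        # Windows paths use backslashes, so "/" marks a member nested inside an archive.
        disk_file = m["path"].split("/", 1)[0]
        bucket = "restore_point" if RESTORE.search(disk_file) else "live"
        result[bucket].setdefault(disk_file, set()).add(m["name"])
    return {b: {f: sorted(n) for f, n in files.items()} for b, files in result.items()}


if __name__ == "__main__":
    for bucket, files in triage(SAMPLE_REPORT).items():
        for path, names in files.items():
            print(f"{bucket:13} {path}  {', '.join(names)}")
```

A file that still appears under `live` after the restore points have been purged and the scan repeated is the one that needs manual removal.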
