[Résolu] Désinfection PC récalcitrante

[maxr397]

HijackThis.log

Logfile of HijackThis v1.99.1

Scan saved at 14:34:04, on 03/12/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\BitDefender8\bdmcon.exe

C:\Program Files\BitDefender8\bdoesrv.exe

C:\Program Files\BitDefender8\bdnagent.exe

C:\Program Files\D-Tools\daemon.exe

D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe

D:\Program Files\PCTV Remote\bin\winremote.exe

D:\Program Files\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\BitDefender8\vsserv.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

F:\install\programmation\Java\eclipse\eclipse.exe

C:\WINDOWS\system32\javaw.exe

D:\Program Files\Winamp3\Studio.exe

C:\Documents and Settings\Maxime\Bureau\desinfection\maxr397.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {345A3FC6-2C32-4DD4-9CF3-2B731774E6E0} - C:\WINDOWS\System32\pmnll.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {FF530897-0C76-45C4-AFFD-CE82709E80B0} - C:\WINDOWS\System32\jkhhi.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - D:\Program Files\Systran\4_0\Premium\IEPlugIn.dll

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe

O4 - HKLM\..\Run: [bDMCon] C:\Program Files\BitDefender8\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\BitDefender8\bdoesrv.exe

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\BitDefender8\bdnagent.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - Startup: Raccourci vers winremote.lnk = D:\Program Files\PCTV Remote\bin\winremote.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163865510171

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: pHsockspy.dll sockspy.dll sockspy.dll

O20 - Winlogon Notify: jkhhi - C:\WINDOWS\System32\jkhhi.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender8\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

[bruce lee]

re,

 

a titre vérificatif:

 

1. Télécharge combofix.exe (par sUBs) sur ton Bureau

2. Double clique combofix.exe et suis les invites.

3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

 

Réexecute ensuite vundofix la meme manip que la premiere fois (pas celle avec add more files) poste aussi le rapport.

 

Enfin poste un nouveau log hijackthis.

[maxr397]

je post le premier rapport car vu la longueur je pense pas que tout tienne dans le meme post

combofix.txt :

Maxime - 06-12-03 14:52:29,75 Service Pack 1

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Maxime\Bureau"

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))

 

 

2006-12-03 14:51 360 --a------ C:\Combo.bat

2006-11-19 12:42 <REP> d--h----- C:\WINDOWS\$hf_mig$

2006-11-19 12:42 <REP> d--h----- C:\WINDOWS\$hf_mig$

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-03 14:45 -------- d-------- C:\Program Files\BitDefender8

2006-11-30 12:55 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-11-29 20:54 -------- d-------- C:\Program Files\Fichiers communs

2006-11-29 20:21 -------- d-------- C:\Documents and Settings\Maxime\Application Data\Azureus

2006-11-18 16:59 -------- d--h----- C:\Program Files\WindowsUpdate

2006-11-16 17:11 -------- d---s---- C:\Documents and Settings\Maxime\Application Data\Microsoft

2006-11-13 13:28 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared

2006-11-06 00:15 -------- d-------- C:\Program Files\MSN Messenger

2006-11-05 23:57 -------- d-------- C:\Program Files\Messenger

2006-10-27 17:52 -------- d-------- C:\Program Files\NetMeeting

2006-10-27 16:48 58 --a------ C:\WINDOWS\sysdat.dll

2006-10-27 16:37 -------- d-------- C:\Program Files\directx

2006-10-27 16:36 -------- d-------- C:\Program Files\Creative

2006-10-26 19:10 -------- d-------- C:\Program Files\Windows Media Player

2006-10-26 19:08 -------- d-------- C:\Program Files\Internet Explorer

2006-10-26 19:07 -------- d-------- C:\Program Files\D-Tools

2006-10-25 00:43 -------- d-------- C:\Program Files\HardwareDetection

2006-10-23 17:21 -------- d-------- C:\Documents and Settings\Maxime\Application Data\Lavasoft

2006-10-23 00:37 -------- d-------- C:\Documents and Settings\Maxime\Application Data\Sun

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvusmb.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvunrm.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvudisp.exe

2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll

2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll

2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll

2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe

2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll

2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll

2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll

2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll

2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll

2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll

2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll

2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll

2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll

2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe

2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe

2006-10-22 12:22 3994624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll

2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll

2006-10-22 12:22 335872 --a------ C:\WINDOWS\system32\nvwrses.dll

2006-10-22 12:22 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll

2006-10-22 12:22 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll

2006-10-22 12:22 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvrshe.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvrsar.dll

2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll

2006-10-22 12:22 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll

2006-10-22 12:22 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll

2006-10-22 12:22 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll

2006-10-22 12:22 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll

2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll

2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll

2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll

2006-10-22 12:22 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll

2006-10-22 12:22 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll

2006-10-22 12:22 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll

2006-10-22 12:22 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll

2006-10-22 12:22 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll

2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll

2006-10-22 12:22 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll

2006-10-22 12:22 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll

2006-10-22 12:22 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll

2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll

2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll

2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll

2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll

2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll

2006-10-22 12:22 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll

2006-10-22 12:22 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll

2006-10-22 12:22 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll

2006-10-22 12:22 274432 --a------ C:\WINDOWS\system32\nvrsit.dll

2006-10-22 12:22 274432 --a------ C:\WINDOWS\system32\nvrses.dll

2006-10-22 12:22 274432 --a------ C:\WINDOWS\system32\nvrsel.dll

2006-10-22 12:22 270336 --a------ C:\WINDOWS\system32\nvrsde.dll

2006-10-22 12:22 266240 --a------ C:\WINDOWS\system32\nvrspt.dll

2006-10-22 12:22 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll

2006-10-22 12:22 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll

2006-10-22 12:22 262144 --a------ C:\WINDOWS\system32\nvrsru.dll

2006-10-22 12:22 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll

2006-10-22 12:22 262144 --a------ C:\WINDOWS\system32\nvrsja.dll

2006-10-22 12:22 258048 --a------ C:\WINDOWS\system32\nvrsko.dll

2006-10-22 12:22 253952 --a------ C:\WINDOWS\system32\nvrshu.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrstr.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrssl.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrssk.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrspl.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrsno.dll

2006-10-22 12:22 245760 --a------ C:\WINDOWS\system32\nvrssv.dll

2006-10-22 12:22 245760 --a------ C:\WINDOWS\system32\nvrsda.dll

2006-10-22 12:22 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll

2006-10-22 12:22 241664 --a------ C:\WINDOWS\system32\nvrseng.dll

2006-10-22 12:22 241664 --a------ C:\WINDOWS\system32\nvrscs.dll

2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll

2006-10-22 12:22 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll

2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll

2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll

2006-10-22 12:22 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll

2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll

2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll

2006-10-22 12:22 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll

2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2006-10-22 12:22 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll

2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe

2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe

2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe

2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll

2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe

2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll

2006-10-22 12:22 118784 --a------ C:\WINDOWS\system32\nvrszht.dll

2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll

2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll

2006-10-21 12:49 -------- d-------- C:\Documents and Settings\Maxime\Application Data\Google

2006-10-20 21:14 -------- d-------- C:\Program Files\Free

2006-10-19 16:25 120 --a------ C:\WINDOWS\system32\hvtxjaj.bat

2006-10-19 15:54 61440 --a------ C:\WINDOWS\system32\sockspy.dll

2006-10-17 19:53 -------- d-------- C:\Documents and Settings\Maxime\Application Data\Talkback

2006-10-17 19:53 -------- d-------- C:\Documents and Settings\Maxime\Application Data\Mozilla

2006-10-02 18:59 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2006-09-03 18:14 30 --a------ C:\copy.bat

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"NVRaidService"="C:\\WINDOWS\\System32\\nvraidservice.exe"

"BDMCon"="C:\\Program Files\\BitDefender8\\bdmcon.exe"

"BDOESRV"="C:\\Program Files\\BitDefender8\\bdoesrv.exe"

"BDNewsAgent"="\"C:\\Program Files\\BitDefender8\\bdnagent.exe\""

"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"

"!AVG Anti-Spyware"="\"D:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,a9,01,00,00,00,00,00,00,57,03,00,00,e2,03,00,00,00,\

00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\

00,00,04,00,00,40

"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\

00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=hex:91,00,00,00

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"

"backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"

"location"="Common Startup"

"command"="D:\\PROGRA~1\\ACROBA~1.0\\Reader\\READER~1.EXE "

"item"="Lancement rapide d'Adobe Reader"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Logitech SetPoint.lnk"

"backup"="C:\\WINDOWS\\pss\\Logitech SetPoint.lnkCommon Startup"

"location"="Common Startup"

"command"="D:\\PROGRA~1\\Logitech\\SetPoint\\SetPoint.exe "

"item"="Logitech SetPoint"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"

"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

"location"="Common Startup"

"command"="D:\\PROGRA~1\\MICROS~1\\Office\\OSA9.EXE -b -l"

"item"="Microsoft Office"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Pinnacle Scheduler.lnk"

"backup"="C:\\WINDOWS\\pss\\Pinnacle Scheduler.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Pinnacle\\SHARED~1\\Programs\\SCHEDU~1\\PCLESC~1.EXE "

"item"="Pinnacle Scheduler"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WZCSLDR2"

"hkey"="HKLM"

"command"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BootSkin"

"hkey"="HKLM"

"command"="\"C:\\PROGRA~1\\BootSkin\\BootSkin.exe\" /StartupJobs"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CloneCDTray"

"hkey"="HKLM"

"command"="\"D:\\Program Files\\CloneCD\\CloneCDTray.exe\" /s"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AirGCFG"

"hkey"="HKLM"

"command"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="dumprep 0 -k"

"hkey"="HKLM"

"command"="%systemroot%\\system32\\dumprep 0 -k"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KHALMNPR"

"hkey"="HKLM"

"command"="KHALMNPR.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Security Monitor Process]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mssmp"

"hkey"="HKLM"

"command"="mssmp.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NvCpl"

"hkey"="HKLM"

"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NvMcTray"

"hkey"="HKLM"

"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="nwiz"

"hkey"="HKLM"

"command"="nwiz.exe /install"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SOUNDMAN"

"hkey"="HKLM"

"command"="SOUNDMAN.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="gain_trickler_3202"

"hkey"="HKLM"

"command"="\"d:\\program files\\divx\\divx pro codec\\gain_trickler_3202.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Logon Application]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="logon"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\System32\\logon.exe"

"inimapping"="0"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhi

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

Completion time: 06-12-03 14:53:03.60

C:\ComboFix.txt ... 06-12-03 14:53

[maxr397]

Voivi le reste :

 

VundoFix.txt :

VundoFix V6.2.13

 

Checking Java version...

 

Java version is 1.5.0.9

 

Scan started at 14:57:05 03/12/2006

 

Listing files found while scanning....

 

C:\WINDOWS\System32\jkhhi.dll

C:\WINDOWS\System32\ihhkj.ini

C:\WINDOWS\System32\ihhkj.bak1

C:\WINDOWS\System32\ihhkj.bak2

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\System32\jkhhi.dll

C:\WINDOWS\System32\jkhhi.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\System32\ihhkj.ini

C:\WINDOWS\System32\ihhkj.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\System32\ihhkj.bak1

C:\WINDOWS\System32\ihhkj.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\System32\ihhkj.bak2

C:\WINDOWS\System32\ihhkj.bak2 Has been deleted!

 

Performing Repairs to the registry.

Done!

 

HijackThis.log :

Logfile of HijackThis v1.99.1

Scan saved at 15:04:55, on 03/12/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\BitDefender8\bdmcon.exe

C:\Program Files\BitDefender8\bdoesrv.exe

C:\Program Files\BitDefender8\bdnagent.exe

C:\Program Files\D-Tools\daemon.exe

D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe

D:\Program Files\PCTV Remote\bin\winremote.exe

D:\Program Files\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\BitDefender8\vsserv.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\cmd.exe

C:\Documents and Settings\Maxime\Bureau\desinfection\maxr397.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {345A3FC6-2C32-4DD4-9CF3-2B731774E6E0} - C:\WINDOWS\System32\pmnll.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {FF530897-0C76-45C4-AFFD-CE82709E80B0} - C:\WINDOWS\System32\jkhhi.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - D:\Program Files\Systran\4_0\Premium\IEPlugIn.dll

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe

O4 - HKLM\..\Run: [bDMCon] C:\Program Files\BitDefender8\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\BitDefender8\bdoesrv.exe

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\BitDefender8\bdnagent.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - Startup: Raccourci vers winremote.lnk = D:\Program Files\PCTV Remote\bin\winremote.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163865510171

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: pHsockspy.dll sockspy.dll sockspy.dll sockspy.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender8\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

[bruce lee]

bonjour maxr397,

 

Ton rapport hijackthis est clean . On avance

 

Tu ne m'as pas dit as tu toujours des alertes de bit defender?

 

 

Le rapport de combofix revele des fichiers assez louche ainsi qu'un programme néfaste qui est divx/divx pro codec supprime le via ajouts/suppressions de programmes.

 

fais analyser ces trois fichiers:

 

C:\WINDOWS\sysdat.dll

C:\WINDOWS\system32\hvtxjaj.bat

C:\WINDOWS\System32\logon.exe

 

chez JOTTI http://virusscan.jotti.org/

 

Poste le résultat pour chacun d'eux.

 

Courage

[maxr397]

une bonne chose de faite pour le rapport hijackthis.

j'ai toujours des alertes bitdefender : notamment sur c:\windows\system32\o infecté par Generic.Botget.6D61DBCD

et j'ai toujours ftp.exe qui veut se connecter à internet (que j'empeche).

 

pour les 3 fichiers :

 

File: sysdat.dll

Status: OK

 

File: hvtxjaj.bat

Status: OK

 

et pour C:\WINDOWS\System32\logon.exe : The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

 

je vais faire la manip que tu m'as indiqué pour faire un fichier cab.

Modifié le 3 décembre 2006 par maxr397

[bruce lee]

re,

 

et pour C:\WINDOWS\System32\logon.exe : The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

 

encore une fois bonne initative

 

Je viens de faire d'autres recherche et apparement ca serait une de tes bestioles ( un Rbot )

Modifié le 3 décembre 2006 par bruce lee

[maxr397]

j'ai donc "mis" le fichier ds un cab et scannée ce cab mais l'analyse n'a rien révélé ...

bizarre par rapport à ce que tu as trouvé.

[bruce lee]

salut maxr397,

 

Effectivement c'est louche

 

 

-Étape 1:

Télécharge eScan Antivirus Toolkit http://www.spywareinfo.dk/download/mwav.exe. Sauvegarde-le sur ton Bureau.

Avant de lancer le programme, il faut le mettre à jour tel qu'indiqué à l'étape 2.

 

Étape 2:

Voici comment mettre l'outil à jour :

 

1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau; dézippe les fichiers dans le nouveau dossier suggéré (Kaspersky) situé à la racine du lecteur C:\ (C:\Kaspersky.). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit").

 

2.) Double-clique sur le Poste de travail, puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes.

 

3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue"; tape sur une clé pour continuer.

 

Ne pas lancer le scan tout de suite !

 

 

Étape 3:

Du mode Sans Échec, voici comment utiliser le programme eScan Antivirus Toolkit:

 

1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky

 

2.) Double-clique sur mwavscan.com; l'interface d'eScan va apparaître à l'écran.

 

3.) Il est très important de bien cocher ces boîtes sous Scan Option : Memory, Registry, Startup Folders, System Folders, Services.

 

4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. Clique sur la petite flèche de cette boîte and choisi la lettre de ton disque dur, habituellement C:\.

 

5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files.

 

6.) Clique sur Scan Clean et laisse le tool vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite !

 

7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes"), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum.

 

Ferme le programme. Redémarre ton PC en mode Normal. Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse.

[maxr397]

wahou et ben dit donc je pensais pas qu'il y avait autant de monde dans mon PC ! ! Je vais bientot pouvoir ouvrir un élevage ...

 

File C:\PROGRA~1\BITDEF~1\REGSPY.SYS tagged as not-a-virus:Monitor.Win32.PCAcme.61. No Action Taken.

File C:\WINDOWS\System32\iexplore.exe infected by "Trojan-Dropper.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\swza.exe infected by "Trojan-Dropper.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\winamp.exe infected by "Trojan-Dropper.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\winsecure.exe infected by "Backdoor.Win32.Rbot.bny" Virus. Action Taken: File Renamed.

File C:\Program Files\BitDefender8\Quarantine\.exe infected by "Backdoor.Win32.Rbot.bni" Virus. Action Taken: File Renamed.

File C:\Program Files\BitDefender8\regspy.sys tagged as not-a-virus:Monitor.Win32.PCAcme.61. No Action Taken.

File C:\SDFix\backups\backups.zip infected by "Trojan-Dropper.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{7450D2BB-2CFF-474A-A7B2-2E834D42E6FA}\RP21\A0007693.exe infected by "Packed.Win32.Klone.j" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{7450D2BB-2CFF-474A-A7B2-2E834D42E6FA}\RP21\A0007694.exe infected by "Backdoor.Win32.IRCBot.ul" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{7450D2BB-2CFF-474A-A7B2-2E834D42E6FA}\RP21\A0007695.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{7450D2BB-2CFF-474A-A7B2-2E834D42E6FA}\RP21\A0007696.exe infected by "Backdoor.Win32.IRCBot.ul" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{7450D2BB-2CFF-474A-A7B2-2E834D42E6FA}\RP21\A0007697.exe infected by "Backdoor.Win32.IRCBot.xv" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{7450D2BB-2CFF-474A-A7B2-2E834D42E6FA}\RP21\A0007698.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{7450D2BB-2CFF-474A-A7B2-2E834D42E6FA}\RP21\A0007699.exe infected by "Backdoor.Win32.IRCBot.xv" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{7450D2BB-2CFF-474A-A7B2-2E834D42E6FA}\RP21\A0007700.exe infected by "Backdoor.Win32.IRCBot.xv" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{7450D2BB-2CFF-474A-A7B2-2E834D42E6FA}\RP21\A0007701.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{7450D2BB-2CFF-474A-A7B2-2E834D42E6FA}\RP21\A0007702.exe infected by "Backdoor.Win32.IRCBot.xv" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0037577.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0038579.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0038584.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0038595.exe infected by "Backdoor.Win32.IRCBot.ul" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0039606.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0041606.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0047684.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0049719.exe infected by "Trojan-Dropper.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0049752.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0050809.exe infected by "Backdoor.Win32.VanBot.al" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0052820.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0052833.exe infected by "Backdoor.Win32.Rbot.bni" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0054833.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0055872.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0055875.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP10\A0056874.exe infected by "Backdoor.Win32.SdBot.avh" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP11\A0056885.exe infected by "Backdoor.Win32.Rbot.bni" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP11\A0057888.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP11\A0057911.exe infected by "Backdoor.Win32.Rbot.bni" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP11\A0059952.vbs infected by "Trojan-Downloader.VBS.Small.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP11\A0068010.exe infected by "Backdoor.Win32.Rbot.bni" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP11\A0068011.exe infected by "Backdoor.Win32.Rbot.bni" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP12\A0068049.exe infected by "Backdoor.Win32.Rbot.bni" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP12\A0071038.exe infected by "Trojan-Dropper.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP12\A0071039.exe infected by "Trojan-Dropper.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP12\A0071040.exe infected by "Trojan-Dropper.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP12\A0071041.exe infected by "Backdoor.Win32.Rbot.bny" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{F1920591-F463-49F6-8516-70B97323AB8A}\RP12\A0071042.exe infected by "Backdoor.Win32.Rbot.bni" Virus. Action Taken: File Renamed.

 

Bon j'ai donc désactiver puis réactiver la restauration systeme. (ca fera toujours ca de moins)

Pour le reste j'attend tes consignes.