Posted

Hello community, I'm in Cairns, Australia, and I bought an Acer laptop. I currently live in a shared flat and everyone uses my PC at all hours of the day and night. Recently AntiVir has been reporting this TR/Vundo.Gen; nothing works, it won't quarantine or delete anything. Here is the HijackThis log, hoping you'll be able to help me.

Cheers!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:30:36 PM, on 26/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe

C:\PROGRA~1\Grisoft\AVG7\avgwb.dat

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinAce\WinAce.exe

C:\DOCUME~1\user\LOCALS~1\Temp\~AceTemp\HiJackThis\HijackThis.exe

 

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?7257e19835c84f339476edd6bca5e60e

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?7257e19835c84f339476edd6bca5e60e

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://bartcoreinternational.spaces.live.c...ad/MsnPUpld.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 9190 bytes

 

 

And happy holidays!

Posted

Hi & welcome :P

"I currently live in a shared flat and everyone uses my PC at all hours of the day and night,"

That's the problem, abousimbel... you need to make your flatmates aware of computer security issues!

Even with a very good antivirus like AntiVir, the PC will always be exposed to infection if they aren't careful when browsing and with what they download...

Download and run DiagHelp as shown in this tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php

Run only option 1 and post the report, please.

Notes: during the scan, a "Sysinternals Software Licence Terms" window will open > click Agree.

You will most likely get a firewall alert asking whether you allow the sigcheck.exe process to connect to the internet > accept.

At the end of the scan you will be directed to the author's page to send the file c:\upload_moi_xxxxx.zip

Please send the file: if you get an error message, simply close the web page and press the [Enter] key to get the report. If it isn't displayed, you will find it in the C:\ directory > it is named resultat.txt

If you have an AntiVir report, I'd like to see it :P

Posted

Hello Mr Ingalls!

Thanks for helping me with this whole process. I just got home from work and just ran DiagHelp. It created a zip icon in my C:/ directory containing a dozen files, including the file vturo.dll which is, I think, the source of the TR/Vundo.Gen. Do you think I should delete these files?

I know how to behave on the web, but the flatmates don't care: porn sites, non-stop downloading, streaming. I'm at work, I can't do anything about it; anyway, I'll have to raise my voice once again!

Thanks for all your help,

Anyway, here is the DiagHelp txt report.

 

 

DiagHelp version v1.4 - http://www.malekal.com

excute le Thu 27/12/2007 à 17:09:04.70

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\WGATRAY.EXE-350D4455.pf -->27/12/2007 5:08:06 PM

C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->27/12/2007 5:07:52 PM

C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->27/12/2007 5:07:48 PM

C:\WINDOWS\prefetch\UNSECAPP.EXE-16EB9856.pf -->27/12/2007 5:07:30 PM

C:\WINDOWS\prefetch\RTKBTMNT.EXE-37625A75.pf -->27/12/2007 5:07:22 PM

C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->27/12/2007 5:07:20 PM

C:\WINDOWS\prefetch\ALG.EXE-275708CF.pf -->27/12/2007 5:07:20 PM

C:\WINDOWS\prefetch\IMAPI.EXE-201490BB.pf -->27/12/2007 5:07:18 PM

C:\WINDOWS\prefetch\REGSVR32.EXE-396DEA2C.pf -->27/12/2007 5:07:18 PM

C:\WINDOWS\prefetch\VOIPBUSTER.EXE-3AA96DDC.pf -->27/12/2007 5:07:18 PM

 

C:\WINDOWS\System32\drivers\avipbb.sys -->25/12/2007 9:52:12 AM

C:\WINDOWS\System32\drivers\avgmfx86.sys -->21/12/2007 10:15:20 AM

C:\WINDOWS\System32\drivers\avgclean.sys -->21/12/2007 10:15:20 AM

C:\WINDOWS\System32\drivers\tmcomm.sys -->13/11/2007 9:13:56 PM

C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 8:25:54 PM

C:\WINDOWS\System32\drivers\avg7core.sys -->26/10/2007 8:10:54 AM

C:\WINDOWS\System32\drivers\ithsgt.sys -->23/10/2007 5:20:50 PM

 

C:\WINDOWS\System32\orutv.ini -->27/12/2007 5:09:08 PM

C:\WINDOWS\System32\orutv.ini2 -->27/12/2007 5:09:00 PM

C:\WINDOWS\System32\wpa.dbl -->27/12/2007 5:08:04 PM

C:\WINDOWS\System32\eRLog.ini -->27/12/2007 5:07:08 PM

C:\WINDOWS\System32\nvapps.xml -->27/12/2007 5:06:20 PM

C:\WINDOWS\System32\CONFIG.NT -->26/12/2007 4:49:58 PM

C:\WINDOWS\System32\vturo.dll -->25/12/2007 9:39:26 AM

C:\WINDOWS\System32\mnnmp.ini -->24/12/2007 8:07:20 AM

C:\WINDOWS\System32\mnnmp.ini2 -->24/12/2007 8:07:06 AM

C:\WINDOWS\System32\320d0a2f -->22/12/2007 5:06:08 PM

C:\WINDOWS\System32\tmp.txt -->16/12/2007 4:47:38 PM

C:\WINDOWS\System32\tmp.reg -->16/12/2007 4:47:38 PM

C:\WINDOWS\System32\TZLog.log -->12/12/2007 4:28:50 PM

C:\WINDOWS\System32\MRT.exe -->3/12/2007 9:00:06 AM

C:\WINDOWS\System32\jscript.dll -->14/11/2007 5:26:56 PM

C:\WINDOWS\System32\tzchange.exe -->13/11/2007 9:31:12 PM

C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->13/11/2007 7:09:12 PM

C:\WINDOWS\System32\mshtml.dll -->30/10/2007 8:16:34 PM

C:\WINDOWS\System32\quartz.dll -->30/10/2007 8:43:04 AM

C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 8:26:54 PM

C:\WINDOWS\System32\wmasf.dll -->27/10/2007 5:40:30 PM

C:\WINDOWS\System32\shell32.dll -->26/10/2007 1:36:52 PM

C:\WINDOWS\System32\CmdLineExt.dll -->23/10/2007 5:02:52 PM

C:\WINDOWS\System32\pngfilt.dll -->11/10/2007 4:13:46 PM

C:\WINDOWS\System32\shdocvw.dll -->11/10/2007 4:13:46 PM

 

C:\WINDOWS\setupapi.log -->27/12/2007 5:07:30 PM

C:\WINDOWS\win.ini -->27/12/2007 5:07:20 PM

C:\WINDOWS.log -->27/12/2007 5:07:02 PM

C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt -->27/12/2007 5:07:00 PM

C:\WINDOWS\wiadebug.log -->27/12/2007 5:06:56 PM

C:\WINDOWS\bootstat.dat -->27/12/2007 5:05:34 PM

C:\WINDOWS\SchedLgU.Txt -->27/12/2007 9:36:40 AM

C:\WINDOWS\bthservsdp.dat -->27/12/2007 9:36:36 AM

C:\WINDOWS\wiaservc.log -->27/12/2007 9:36:36 AM

C:\WINDOWS\EventSystem.log -->27/12/2007 9:34:00 AM

C:\WINDOWS\WindowsUpdate.log -->27/12/2007 8:50:50 AM

C:\WINDOWS\system.ini -->26/12/2007 6:59:44 PM

C:\WINDOWS\ntbtlog.txt -->26/12/2007 6:52:48 PM

C:\WINDOWS\mozver.dat -->20/11/2007 8:48:32 AM

C:\WINDOWS\nsreg.dat -->19/11/2007 5:47:44 PM

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

EXPLORER.EXE pid: 1900

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll

0x10000000 0x9b000 C:\WINDOWS\system32\vturo.dll

0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x7d1e0000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll

0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll

0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll

0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll

0x02170000 0x7000 1.00.0000.0001 C:\WINDOWS\system32\MSNChatHook.dll

0x02200000 0xe000 1.20.0000.0001 C:\WINDOWS\system32\sysenv.dll

0x7c250000 0x102000 7.10.3077.0000 C:\WINDOWS\system32\MFC71U.DLL

0x022a0000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll

0x01db0000 0x8000 0.09.0007.0003 C:\Acer\Empowering Technology\ePower\SysHook.dll

0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL

0x00c20000 0x10000 8.00.0000.0456 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll

0x027d0000 0x5b000 8.01.0000.0000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

0x746c0000 0x27000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll

0x41f00000 0x7000 1.01.0000.3917 C:\WINDOWS\system32\asfsipc.dll

0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL

0x74ea0000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

WINLOGON.EXE pid: 696

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe

0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll

0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x01280000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll

0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

 

 

Volume in drive C is ACER

Volume Serial Number is 320D-180E

 

Directory of C:\WINDOWS\system

 

25/12/1998 08:15 AM 345,983 RCDsetup.exe

1 File(s) 345,983 bytes

0 Dir(s) 32,221,495,296 bytes free

Volume in drive C is ACER

Volume Serial Number is 320D-180E

 

Directory of C:\WINDOWS\system32

 

04/08/2004 05:00 AM 6,144 csrss.exe

1 File(s) 6,144 bytes

0 Dir(s) 32,221,495,296 bytes free

 

Contenu de Downloaded Program Files

Volume in drive C is ACER

Volume Serial Number is 320D-180E

 

Directory of C:\WINDOWS\Downloaded Program Files

 

01/10/2006 03:09 AM <DIR> .

01/10/2006 03:09 AM <DIR> ..

22/08/2006 11:58 PM 65 desktop.ini

26/03/2007 04:46 PM 5,085 swflash.inf

22/09/2004 03:59 PM 110,592 PURen-us.dll

15/10/2004 07:59 AM 110,592 PURfr-xx.dll

16/06/2004 06:02 AM 323,584 isusweb.dll

25/07/2002 06:13 PM 196,608 dwusplay.exe

25/07/2002 06:13 PM 24,576 dwusplay.dll

18/09/2007 09:07 PM <DIR> CONFLICT.1

02/08/2006 11:20 AM 43,016 mhLbl.dll

20/06/2006 03:44 PM 379,704 MsnPUpld.dll

19/06/2006 02:40 PM 393 MsnPUpld.inf

09/01/2007 08:30 AM 110,592 PURfr-fr.dll

15/10/2007 10:02 AM 465,472 wlscBase.dll

15/10/2007 10:11 AM 320 wlscBase.inf

25/11/2007 11:43 PM 2,663,944 ImageUploader4.1.ocx

25/11/2007 11:43 PM 351 ImageUploader4.1.inf

31/05/2006 04:15 AM 10 oscan81.ocx_x

14/03/2005 02:38 PM 126 live.ini

14/03/2005 02:58 PM 7,073 scanoptions.tsi

16/03/2005 12:34 PM 7,407 lang.ini

25/05/2006 01:21 AM 53,248 ipsupd.dll

25/05/2006 01:21 AM 118,784 bdupd.dll

07/12/2004 05:07 PM 32 libfn.dll

07/12/2004 05:07 PM 32 bdcore.dll

01/06/2006 02:54 AM 471,040 oscan8.ocx

01/06/2006 02:57 AM 1,331 oscan8.inf

25 File(s) 5,093,977 bytes

 

Directory of C:\WINDOWS\Downloaded Program Files\CONFLICT.1

 

18/09/2007 09:07 PM <DIR> .

18/09/2007 09:07 PM <DIR> ..

02/08/2007 11:31 AM 67,456 PURen-us.dll

02/08/2007 11:31 AM 360,320 MsnPUpld.dll

02/08/2007 03:47 PM 569 MSNPUpld.inf

06/08/2007 12:10 PM 68,992 PURfr-fr.dll

4 File(s) 497,337 bytes

 

Total Files Listed:

29 File(s) 5,591,314 bytes

5 Dir(s) 32,221,495,296 bytes free

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\\civcity rome\\CivCity Rome.exe"="D:\\civcity rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"

"D:\\Gamez\\civcity rome\\CivCity Rome.exe"="D:\\Gamez\\civcity rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"

"C:\\Documents and Settings\\USER\\My Documents\\VideoPak2.exe"="C:\\Documents and Settings\\USER\\My Documents\\VideoPak2.exe:*:Enabled:STOIK Video Converter"

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"D:\\downloadlimewire\\LimeWire\\LimeWire.exe"="D:\\downloadlimewire\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"

"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"

"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"

"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"

"E:\\Half-Life 2\\hl2.exe"="E:\\Half-Life 2\\hl2.exe:*:Enabled:hl2"

"D:\\Age of Empires\\empires2.exe"="D:\\Age of Empires\\empires2.exe:*:Enabled:Age of Empires II"

"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

 

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-27 17:10:32

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

IPC error: 2 The system cannot find the file specified.

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

200 - NVSVC32.EXE

208 - SPOOLSV.EXE

276 - ADMSERV.EXE

312 - AVGUARD.EXE

344 - MSNMSGR.EXE

528 - AVGCC.EXE

540 - AVGNT.EXE

548 - MONITOR.EXE

556 - EPOWER_DMC.EXE

608 - EDSLOADER.EXE

668 - CSRSS.EXE

696 - WINLOGON.EXE

740 - SERVICES.EXE

752 - LSASS.EXE

884 - ADMTRAY.EXE

924 - SVCHOST.EXE

948 - SYNTPENH.EXE

1016 - SVCHOST.EXE

1068 - SVCHOST.EXE

1148 - EVTENG.EXE

1196 - S24EVMON.EXE

1240 - SVCHOST.EXE

1324 - RTHDCPL.EXE

1336 - SVCHOST.EXE

1424 - SVCHOST.EXE

1524 - RUNDLL32.EXE

1540 - SCHED.EXE

1584 - AVGAMSVR.EXE

1604 - AAWSERVICE.EXE

1676 - LMANAGER.EXE

1732 - ISSCH.EXE

1860 - READER_SL.EXE

1880 - AVGEMC.EXE

1900 - EXPLORER.EXE

2124 - SVCHOST.EXE

3056 - ALG.EXE

3092 - WMIPRVSE.EXE

3256 - RtkBtMnt.exe

3316 - cmd.exe

3492 - IEXPLORE.EXE

3508 - WUAUCLT.EXE

3588 - WMIPRVSE.EXE

4192 - livecall.exe

 

Total number of processes = 44

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\ntkrnlpa.exe

806E2000 - \WINDOWS\system32\hal.dll

F7A52000 - \WINDOWS\system32\KDCOM.DLL

F7962000 - \WINDOWS\system32\BOOTVID.dll

F7369000 - sptd.sys

F7A54000 - \WINDOWS\System32\Drivers\WMILIB.SYS

F7351000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS

F7323000 - ACPI.sys

F7312000 - pci.sys

F7552000 - ohci1394.sys

F7562000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS

F7572000 - isapnp.sys

F7966000 - compbatt.sys

F796A000 - \WINDOWS\system32\DRIVERS\BATTC.SYS

F7B1A000 - pciide.sys

F77D2000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

F7582000 - MountMgr.sys

F72D5000 - ftdisk.sys

F796E000 - ACPIEC.sys

F7B1B000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

F77DA000 - PartMgr.sys

F7972000 - UBHelper.sys

F7592000 - VolSnap.sys

F72BD000 - atapi.sys

F75A2000 - disk.sys

F75B2000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F729D000 - fltMgr.sys

F728B000 - sr.sys

F7268000 - Fastfat.sys

F7251000 - KSecDD.sys

F7224000 - NDIS.sys

F7209000 - Mup.sys

F75D2000 - \SystemRoot\system32\DRIVERS\intelppm.sys

F7A2A000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys

F6D84000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys

F6D70000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F6D4B000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys

F6BED000 - \SystemRoot\system32\DRIVERS\w39n51.sys

F780A000 - \SystemRoot\system32\DRIVERS\usbuhci.sys

F6BCA000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F7812000 - \SystemRoot\system32\DRIVERS\usbehci.sys

F75E2000 - \SystemRoot\system32\DRIVERS\EMS7SK.sys

F6BB9000 - \SystemRoot\system32\DRIVERS\sdbus.sys

F6BA6000 - \SystemRoot\system32\DRIVERS\ESM7SK.sys

F75F2000 - \SystemRoot\system32\DRIVERS\ESD7SK.sys

F7A3E000 - \SystemRoot\system32\DRIVERS\CmBatt.sys

F7602000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

F781A000 - \SystemRoot\system32\DRIVERS\DKbFltr.sys

F7822000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

F6B76000 - \SystemRoot\system32\DRIVERS\SynTP.sys

F7A56000 - \SystemRoot\system32\DRIVERS\USBD.SYS

F782A000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F7612000 - \SystemRoot\system32\DRIVERS\imapi.sys

F7622000 - \SystemRoot\system32\DRIVERS\cdrom.sys

F7632000 - \SystemRoot\system32\DRIVERS\redbook.sys

F6B53000 - \SystemRoot\system32\DRIVERS\ks.sys

F7A58000 - \SystemRoot\system32\DRIVERS\NTIDrvr.sys

F6AED000 - \SystemRoot\System32\Drivers\ajbj2kn0.SYS

F717F000 - \SystemRoot\system32\DRIVERS\audstub.sys

F7642000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

F71C1000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

F6AD6000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

F7652000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

F7662000 - \SystemRoot\system32\DRIVERS\raspptp.sys

F788A000 - \SystemRoot\system32\DRIVERS\TDI.SYS

F6AC5000 - \SystemRoot\system32\DRIVERS\psched.sys

F7672000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F7892000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F789A000 - \SystemRoot\system32\DRIVERS\raspti.sys

F7682000 - \SystemRoot\system32\DRIVERS\termdd.sys

F7A5E000 - \SystemRoot\system32\DRIVERS\swenum.sys

F6A6C000 - \SystemRoot\system32\DRIVERS\update.sys

F71A4000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

F7692000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F4562000 - \SystemRoot\system32\drivers\RtkHDAud.sys

F4540000 - \SystemRoot\system32\drivers\portcls.sys

F76A2000 - \SystemRoot\system32\drivers\drmk.sys

F450A000 - \SystemRoot\system32\DRIVERS\HSFHWAZL.sys

F4416000 - \SystemRoot\system32\DRIVERS\HSF_DPV.sys

F4365000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

F78AA000 - \SystemRoot\System32\Drivers\Modem.SYS

F76B2000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F7A64000 - \SystemRoot\System32\Drivers\i2omgmt.SYS

F7A66000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F7C1D000 - \SystemRoot\System32\Drivers\Null.SYS

F7A68000 - \SystemRoot\System32\Drivers\Beep.SYS

F7186000 - \SystemRoot\System32\Drivers\avgclean.sys

F78CA000 - \SystemRoot\System32\drivers\vga.sys

F7A6A000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F7A6C000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

F78D2000 - \SystemRoot\System32\Drivers\Msfs.SYS

F78DA000 - \SystemRoot\System32\Drivers\Npfs.SYS

F7112000 - \SystemRoot\system32\DRIVERS\rasacd.sys

F430A000 - \SystemRoot\system32\DRIVERS\ipsec.sys

F42B2000 - \SystemRoot\system32\DRIVERS\tcpip.sys

F428A000 - \SystemRoot\system32\DRIVERS\netbt.sys

F4269000 - \SystemRoot\system32\DRIVERS\ipnat.sys

F76C2000 - \SystemRoot\system32\DRIVERS\wanarp.sys

F4247000 - \SystemRoot\System32\drivers\afd.sys

F76D2000 - \SystemRoot\system32\DRIVERS\netbios.sys

F78E2000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys

F421C000 - \SystemRoot\system32\DRIVERS\rdbss.sys

F7A4E000 - \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys

F41AD000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

F76E2000 - \SystemRoot\System32\Drivers\Fips.SYS

F76F2000 - \SystemRoot\system32\DRIVERS\avipbb.sys

F7A6E000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys

F40E4000 - \SystemRoot\System32\Drivers\avg7core.sys

F71E5000 - \SystemRoot\system32\DRIVERS\hidusb.sys

F7702000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

F78EA000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

F71E1000 - \SystemRoot\system32\DRIVERS\mouhid.sys

F7A70000 - \SystemRoot\System32\Drivers\avg7rsw.sys

F78F2000 - \SystemRoot\System32\Drivers\avg7rsxp.sys

F7712000 - \SystemRoot\System32\Drivers\Cdfs.SYS

F78FA000 - \SystemRoot\System32\Drivers\ASPI32.SYS

F40A4000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F7A72000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

F6A5C000 - \SystemRoot\System32\drivers\Dxapi.sys

F7902000 - \SystemRoot\System32\watchdog.sys

BF9C3000 - \SystemRoot\System32\drivers\dxg.sys

F7C04000 - \SystemRoot\System32\drivers\dxgthk.sys

BF9D5000 - \SystemRoot\System32\nv4_disp.dll

F7912000 - \SystemRoot\system32\DRIVERS\AegisP.sys

BA59C000 - \SystemRoot\system32\DRIVERS\s24trans.sys

BA578000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

BA0EB000 - \SystemRoot\system32\drivers\wdmaud.sys

BA270000 - \SystemRoot\system32\drivers\sysaudio.sys

BA0BE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

B9DDB000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

B9D48000 - \SystemRoot\system32\DRIVERS\atksgt.sys

F7A8C000 - \SystemRoot\System32\Drivers\avgtdi.sys

F7C5D000 - \??\C:\WINDOWS\system32\drivers\epm-psd.sys

B999C000 - \??\C:\WINDOWS\system32\drivers\epm-shd.sys

B9974000 - \SystemRoot\system32\DRIVERS\ithsgt.sys

B9922000 - \SystemRoot\system32\DRIVERS\srv.sys

B9A84000 - \SystemRoot\system32\DRIVERS\lilsgt.sys

F7932000 - \SystemRoot\system32\DRIVERS\lirsgt.sys

B9A80000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys

F7A80000 - \??\C:\WINDOWS\system32\drivers\osaio.sys

F7B6D000 - \??\C:\WINDOWS\system32\drivers\osanbm.sys

B9A48000 - \SystemRoot\system32\DRIVERS\secdrv.sys

F78B2000 - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys

B97F2000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys

B9466000 - \SystemRoot\System32\Drivers\HTTP.sys

B942D000 - \??\C:\Acer\Empowering Technology\eRecovery\int15.sys

F7A96000 - \SystemRoot\System32\Drivers\NdisFilt.sys

B95EA000 * --[Hidden]--

B6711000 - \SystemRoot\system32\drivers\kmixer.sys

F7179000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 151

 

Liste des programmes installes

 

Acer eDataSecurity Management

Acer eDataSecurity Management 1.00.26

Acer eLock Management

Acer eLock Management

Acer Empowering Technology framework

Acer Empowering Technology framework

Acer eNet Management

Acer ePerformance Management

Acer ePerformance Management

Acer ePower Management

Acer ePresentation Management

Acer eSettings Management

Acer eSettings Management

Acer GridVista

Acer Screensaver

Ad-Aware 2007

Adobe Flash Player 9 ActiveX

Adobe Photoshop 7.0

Adobe Reader 8.1.1

AVG 7.5

Avira AntiVir PersonalEdition Classic

Barre d'outils Outlook de Windows Live (Windows Live Toolbar)

BitLord 1.1

Bloqueur de fenêtres pop-up (Windows Live Toolbar)

CCleaner (remove only)

DreamStation DXi

Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)

Extension de Windows Live Toolbar (Windows Live Toolbar)

Fahrenheit

HDAUDIO Soft Data Fax Modem with SmartCP

HijackThis 2.0.2

Intel® PROSet/Wireless Software

Java 6 Update 2

Java 6 Update 3

L&H TTS3000 Français

Launch Manager

Lernout & Hauspie TruVoice American English TTS Engine

Les Chevaliers de Baphomet - Les Gardiens du Temple de Salomon

LightScribe 1.4.97.1

mCore

Menus intelligents (Windows Live Toolbar)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

Microsoft Visual C++ 2005 Redistributable

mMHouse

MotionDV STUDIO 5.3E LE for DV

Mozilla Firefox (2.0.0.9)

mPfMgr

mProSafe

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

Music Visualizer Library 1.4.00

mWlsSafe

mXML

Navigation par onglets (Windows Live Toolbar)

Nero OEM

NeroVision Express

neroxml

NetGammon8

NTI Backup NOW! 4.5

NTI CD & DVD-Maker

NTI CD & DVD-Maker

NVIDIA Drivers

OneCare Advisor (Windows Live Toolbar)

OpenAL

OpenMG Limited Patch 3.2-03-02-21-08

OpenMG Limited Patch 3.2-03-04-14-02

OpenMG Limited Patch 3.2-03-04-17-02

OpenMG Secure Module 3.2

PowerDVD

Qloud Plug-in for WM

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Windows XP (KB923789)

Skype 3.5

SonicStage

Spybot - Search & Destroy 1.4

SpywareBlaster v3.5.1

Symantec KB-DocID:2003093015493306

Synaptics Pointing Device Driver

VeloMaster Lite CW

Video Stream Driver for Panasonic DVC

Video Stream Driver for Panasonic DVC

Virtual DJ - Atomix Productions

Virtual DJ Home Edition - Atomix Productions

Virtual Sound Canvas DXi

VoipBuster

WebFldrs XP

WinAce Archiver

Winamp (remove only)

Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)

Windows Genuine Advantage Notifications (KB905474)

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Toolbar

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

WinZip

Zeb-Utility 1.2

 

 

 

Volume in drive C is ACER

Volume Serial Number is 320D-180E

 

Directory of C:\Program Files

 

01/10/2006 03:09 AM <DIR> .

01/10/2006 03:09 AM <DIR> ..

23/08/2006 12:13 AM <DIR> Acer Inc

23/08/2006 12:14 AM <DIR> Adobe

03/07/2007 08:50 PM <DIR> Ahead

13/05/2007 07:03 PM <DIR> Astonsoft

25/12/2007 09:44 AM <DIR> Avira

28/08/2007 05:56 PM <DIR> BitLord

19/04/2007 02:46 PM <DIR> CCleaner

22/08/2006 11:49 PM <DIR> Common Files

22/08/2006 11:56 PM <DIR> ComPlus Applications

23/08/2006 12:10 AM <DIR> CONEXANT

23/08/2006 12:15 AM <DIR> CyberLink

02/07/2007 09:24 PM <DIR> DAEMON Tools

08/08/2007 12:58 PM <DIR> DIFX

07/05/2007 05:22 PM <DIR> directx

03/11/2007 07:40 PM <DIR> Goto.Games

12/07/2007 03:19 PM <DIR> Grisoft

24/09/2007 07:33 PM <DIR> GSM

16/12/2007 04:51 PM <DIR> Helper

22/08/2006 03:50 AM <DIR> i386

19/04/2007 05:25 PM <DIR> Image-Line

23/08/2006 12:04 AM <DIR> Intel

22/08/2006 11:57 PM <DIR> Internet Explorer

13/05/2007 05:56 PM <DIR> iSofter

11/08/2007 06:38 PM <DIR> Java

11/10/2006 12:15 PM <DIR> Launch Manager

19/11/2007 05:25 PM <DIR> Lavasoft

22/08/2006 11:55 PM <DIR> Messenger

22/08/2006 11:59 PM <DIR> microsoft frontpage

15/09/2007 08:17 AM <DIR> Microsoft SQL Server

22/08/2006 11:57 PM <DIR> Movie Maker

19/11/2007 05:47 PM <DIR> Mozilla Firefox

22/08/2006 11:55 PM <DIR> MSN

22/08/2006 11:55 PM <DIR> MSN Gaming Zone

12/07/2007 03:40 PM <DIR> MSN Messenger

22/08/2007 09:17 AM <DIR> MSXML 4.0

21/05/2007 05:30 PM <DIR> MusicLab

22/08/2006 11:57 PM <DIR> NetMeeting

23/08/2006 12:18 AM <DIR> NewTech Infosystems

19/11/2007 03:32 PM <DIR> NoAdware5.0

23/08/2006 12:53 AM <DIR> Norton AntiVirus

22/08/2006 11:56 PM <DIR> Online Services

14/09/2007 11:34 AM <DIR> OpenAL

22/08/2006 11:57 PM <DIR> Outlook Express

24/04/2007 05:06 PM <DIR> Panasonic

23/08/2006 12:09 AM <DIR> Realtek

13/09/2007 02:25 PM <DIR> Skype

19/04/2007 02:55 PM <DIR> Spybot - Search & Destroy

21/04/2007 06:23 PM <DIR> SpywareBlaster

23/08/2006 12:12 AM <DIR> Synaptics

02/07/2007 07:05 PM <DIR> Ubisoft

28/08/2007 05:28 PM <DIR> VirtualDJ

01/11/2007 07:09 PM <DIR> VoipBuster.com

17/09/2007 06:33 PM <DIR> WinAce

11/05/2007 03:50 PM <DIR> Winamp

17/11/2007 09:42 PM <DIR> Windows Live Safety Center

19/04/2007 01:30 PM <DIR> Windows Media Connect 2

22/08/2006 11:56 PM <DIR> Windows Media Player

22/08/2006 11:55 PM <DIR> Windows NT

11/10/2006 12:16 PM <DIR> WinPCap

20/07/2007 09:17 PM <DIR> WinZip

22/08/2006 11:59 PM <DIR> xerox

26/12/2007 08:04 PM <DIR> Zeb-Utility

0 File(s) 0 bytes

64 Dir(s) 32,220,119,040 bytes free

Volume in drive C is ACER

Volume Serial Number is 320D-180E

 

Directory of C:\Program Files\common files

 

01/10/2006 03:09 AM <DIR> .

01/10/2006 03:09 AM <DIR> ..

22/08/2006 11:49 PM <DIR> Microsoft Shared

22/08/2006 11:49 PM <DIR> SpeechEngines

22/08/2006 11:49 PM <DIR> ODBC

22/08/2006 11:57 PM <DIR> System

22/08/2006 11:57 PM <DIR> MSSoap

22/08/2006 11:57 PM <DIR> Services

23/08/2006 12:09 AM <DIR> InstallShield

23/08/2006 12:14 AM <DIR> Adobe

23/08/2006 12:18 AM <DIR> NewTech Infosystems

23/08/2006 12:19 AM <DIR> muvee Technologies

23/08/2006 12:19 AM <DIR> LightScribe

23/08/2006 12:52 AM <DIR> Symantec Shared

24/04/2007 05:06 PM <DIR> Panasonic

07/05/2007 05:21 PM <DIR> Sony Shared

03/07/2007 08:51 PM <DIR> Ahead

11/08/2007 06:36 PM <DIR> Java

13/09/2007 02:25 PM <DIR> Skype

23/10/2007 05:05 PM <DIR> DirectX

19/11/2007 05:25 PM <DIR> Wise Installation Wizard

0 File(s) 0 bytes

21 Dir(s) 32,220,119,040 bytes free

 

 

 

 

c:\Documents and Settings\Default User\Local Settings\Temp\RtkBtMnt.exe

c:\Documents and Settings\user\Local Settings\Temp\RtkBtMnt.exe

c:\Documents and Settings\user\Local Settings\Temp\IXP000.TMP\redist.exe

c:\Documents and Settings\user\Local Settings\Temp\DirectX9\dxsetup.exe

c:\Documents and Settings\user\Local Settings\Temp\ICD1.tmp\setup.exe

c:\Documents and Settings\user\Local Settings\Temp\IXP001.TMP\MSNOIEF.exe

c:\Documents and Settings\user\My Documents\internet download\3nityVideoConvert.exe

c:\Documents and Settings\user\My Documents\internet download\ccsetup139.exe

c:\Documents and Settings\user\My Documents\internet download\cdex_170b2_enu.exe

c:\Documents and Settings\user\My Documents\internet download\DivXInstaller.exe

c:\Documents and Settings\user\My Documents\internet download\DVDFabDecrypter3096.exe

c:\Documents and Settings\user\My Documents\internet download\DVDTOAVI.exe

c:\Documents and Settings\user\My Documents\internet download\flstudio7_RC6b.exe

c:\Documents and Settings\user\My Documents\internet download\FreeDVD.exe

c:\Documents and Settings\user\My Documents\internet download\idvdrip_38242.exe

c:\Documents and Settings\user\My Documents\internet download\JAD7_BASIC.exe

c:\Documents and Settings\user\My Documents\internet download\music_morpher_gold_cnt.exe

c:\Documents and Settings\user\My Documents\internet download\RC2004Setup129Light.exe

c:\Documents and Settings\user\My Documents\internet download\Setupex_QuartzStudioFreeF.exe

c:\Documents and Settings\user\My Documents\internet download\SonicStageInstaller.exe

c:\Documents and Settings\user\My Documents\internet download\SprBd081.exe

c:\Documents and Settings\user\My Documents\internet download\winamp534_full_emusic-7plus.exe

c:\Documents and Settings\user\My Documents\internet download\wpsetup.exe

c:\Documents and Settings\user\My Documents\My Received Files\BitTorrent-6.0-Beta.exe

c:\Documents and Settings\user\My Documents\My Received Files\emule048a.exe

c:\Documents and Settings\user\My Documents\My Received Files\wace265i.exe

c:\Documents and Settings\user\My Documents\VirtualDJ\crashguard3.exe

c:\Documents and Settings\user\My Documents\VirtualDJ\ripdvd.exe

c:\Documents and Settings\user\My Documents\VirtualDJ\ripvinyl.exe

c:\Documents and Settings\user\My Documents\VirtualDJ\UNWISE.EXE

c:\Documents and Settings\user\My Documents\VirtualDJ\virtualdj.exe

c:\Documents and Settings\user\Desktop\antivir_workstation_win7u_en_h.exe

c:\Documents and Settings\user\Desktop\ATF-Cleaner.exe

c:\Documents and Settings\user\Desktop\avg75free_476a1048.exe

c:\Documents and Settings\user\Desktop\Setup_Zeb-Utility.exe

c:\Documents and Settings\user\Desktop\setupfre.exe

c:\Documents and Settings\user\Desktop\VundoFix.exe

c:\Documents and Settings\user\Desktop\WMQloudSetup.exe

c:\Documents and Settings\user\Desktop\web files\winamp535_full_emusic-7plus.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\dumphive.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\exit.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\GenericRenosFix.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\HostsChk.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\Process.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\Reboot.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\restart.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\SmiUpdate.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\SrchSTS.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\swreg.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\swsc.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\swxcacls.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\unzip.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\VCCLSID.exe

c:\Documents and Settings\user\Desktop\SmitfraudFix\WS2Fix.exe

c:\Documents and Settings\user\Desktop\DiagHelp\catchme.exe

c:\Documents and Settings\user\Desktop\DiagHelp\diff.exe

c:\Documents and Settings\user\Desktop\DiagHelp\dumphive.exe

c:\Documents and Settings\user\Desktop\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\user\Desktop\DiagHelp\find2.exe

c:\Documents and Settings\user\Desktop\DiagHelp\Fport.exe

c:\Documents and Settings\user\Desktop\DiagHelp\grep.exe

c:\Documents and Settings\user\Desktop\DiagHelp\gzip.exe

c:\Documents and Settings\user\Desktop\DiagHelp\KProcCheck.exe

c:\Documents and Settings\user\Desktop\DiagHelp\LFiles.exe

c:\Documents and Settings\user\Desktop\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\user\Desktop\DiagHelp\md5sums.exe

c:\Documents and Settings\user\Desktop\DiagHelp\pslist.exe

c:\Documents and Settings\user\Desktop\DiagHelp\sigcheck.exe

c:\Documents and Settings\user\Desktop\DiagHelp\streams.exe

c:\Documents and Settings\user\Desktop\DiagHelp\swreg.exe

c:\Documents and Settings\user\Desktop\DiagHelp\tar.exe

c:\Documents and Settings\user\Desktop\virtual dj\Atomix.Virtualdj.v3.0.Skins.Effects.Samples.by.GT-R\update virtualdj v3.0.exe

c:\Documents and Settings\user\Desktop\virtual dj\Atomix.Virtualdj.v3.0.Skins.Effects.Samples.by.GT-R\crack v3.0\virtualdj.exe

c:\Documents and Settings\user\Desktop\virtual dj\Atomix.Virtualdj.v3.0.Skins.Effects.Samples.by.GT-R\Virtual.DJ.v2.1 + crack\Virtualdj v2.1.exe

c:\Documents and Settings\user\Desktop\virtual dj\Atomix.Virtualdj.v3.0.Skins.Effects.Samples.by.GT-R\Virtual.DJ.v2.1 + crack\crack\virtualdj.exe

c:\Documents and Settings\user\Application Data\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\ARPPRODUCTICON.exe

c:\Documents and Settings\user\Application Data\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Fahrenheit.exe_B11493A1D18C4B5FAD8D53D777C9C16A.exe

c:\Documents and Settings\user\Application Data\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Uninstall_Fahrenheit_8C2B6FBDC8D14FA595F7B3231B7D8CBC.exe

c:\Documents and Settings\user\Application Data\LimeWire\.NetworkShare\LimeWireWin4.14.8.exe

c:\Documents and Settings\user\.housecall6.6\getMac.exe

c:\Documents and Settings\user\.housecall6.6\patch.exe

c:\Documents and Settings\user\.housecall6.6\tsc.exe

c:\Documents and Settings\Bart\Local Settings\Temp\RtkBtMnt.exe

c:\Documents and Settings\Guest\Local Settings\Temp\RtkBtMnt.exe

c:\Documents and Settings\Administrator\Local Settings\Temp\RtkBtMnt.exe

c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

c:\Documents and Settings\user\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\Objectps.dll

c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

c:\Documents and Settings\Guest\Application Data\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

 

****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_ACER-537DA73FD4.tar.gz a l'adresse http://upload.malekal.com

Posted

and here is the AntiVir report

 

 

 

 

 

AntiVir PersonalEdition Classic

Report file date: Thursday, 27 December 2007 17:32

 

Scanning for 992748 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: ACER-537DA73FD4

 

Version information:

BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 04:16:30

AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 03:23:52

LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 06:32:48

LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 03:35:22

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 05:27:16

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 23:52:10

ANTIVIR2.VDF : 7.0.1.157 286720 Bytes 12/26/2007 07:09:06

ANTIVIR3.VDF : 7.0.1.158 2048 Bytes 12/26/2007 07:09:06

AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 12/24/2007 23:52:12

AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 01:36:28

AVPREF.DLL : 7.0.2.2 25640 Bytes 7/17/2007 22:39:18

AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 04:16:24

AVPACK32.DLL : 7.6.0.2 360488 Bytes 12/24/2007 23:52:12

AVREG.DLL : 7.0.1.6 30760 Bytes 7/17/2007 22:17:08

AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 03:26:34

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/17/2007 22:10:20

NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 02:09:44

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 03:38:14

RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 03:50:38

SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 00:37:22

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: Thursday, 27 December 2007 17:32

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned

Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned

Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned

Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned

Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned

Scan process 'ALG.EXE' - '1' Module(s) have been scanned

Scan process 'SYMLCSVC.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned

Scan process 'admServ.exe' - '1' Module(s) have been scanned

Scan process 'AVGEMC.EXE' - '1' Module(s) have been scanned

Scan process 'AVGUPSVC.EXE' - '1' Module(s) have been scanned

Scan process 'ISSCH.EXE' - '1' Module(s) have been scanned

Scan process 'LManager.exe' - '1' Module(s) have been scanned

Scan process 'AVGAMSVR.EXE' - '1' Module(s) have been scanned

Scan process 'SCHED.EXE' - '1' Module(s) have been scanned

Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned

Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'ADMTRAY.EXE' - '1' Module(s) have been scanned

Scan process 'eDSloader.exe' - '1' Module(s) have been scanned

Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned

Scan process 'Monitor.exe' - '1' Module(s) have been scanned

Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned

Scan process 'AVGCC.EXE' - '1' Module(s) have been scanned

Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned

Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned

Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned

Scan process 'SMSS.EXE' - '1' Module(s) have been scanned

49 processes with 49 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '44' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <ACER>

C:\upload_moi_ACER-537DA73FD4.tar.gz

[0] Archive type: GZ

--> upload_moi.tar

[1] Archive type: TAR (tape archiver)

--> WINDOWS/System32/vturo.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[WARNING] The file was ignored!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\vturo.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[WARNING] The file was ignored!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{8C0206E2-F928-4261-9A88-2ACD4745FD52}\RP1\A0000018.DLL

[DETECTION] Is the Trojan horse TR/Vundo.DST

[WARNING] The file was ignored!

C:\VundoFix Backups\xxyxwwt.dll.bad

[DETECTION] Is the Trojan horse TR/Vundo.DST

[WARNING] The file was ignored!

Begin scan in 'D:\' <ACERDATA>

 

 

End of the scan: Thursday, 27 December 2007 18:38

Used time: 1:06:22 min

 

The scan has been done completely.

 

4808 Scanning directories

175874 Files were scanned

4 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

4 Files cannot be scanned

175870 Files not concerned

6745 Archives were scanned

8 Warnings

0 Notes
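The file-scan part of the report above, run through a small parser that separates the live detection from stored copies and lists what the scanner left in place. This is an added example, not part of the original post or of AntiVir; the triage labels (`live`, `archive`, `tool-backup`, `system-restore`) and the function names are assumptions of the example.

```python
import re
from dataclasses import dataclass

# File-scan section copied from the AntiVir report in the post above.
REPORT = r"""
Begin scan in 'C:\' <ACER>
C:\upload_moi_ACER-537DA73FD4.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> WINDOWS/System32/vturo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file was ignored!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\vturo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file was ignored!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{8C0206E2-F928-4261-9A88-2ACD4745FD52}\RP1\A0000018.DLL
[DETECTION] Is the Trojan horse TR/Vundo.DST
[WARNING] The file was ignored!
C:\VundoFix Backups\xxyxwwt.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.DST
[WARNING] The file was ignored!
Begin scan in 'D:\' <ACERDATA>
"""

@dataclass
class Finding:
    path: str          # file on disk that the scanner opened
    member: str        # innermost archive member, "" for a plain file
    name: str          # detection name, e.g. TR/Vundo.Gen
    location: str      # triage class, see classify()
    outcome: str = ""  # text of the [WARNING] line that follows

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECT_RE = re.compile(r"^\[DETECTION\]\s.*\s(\S+)$")

# Triage classes are this example's own labels, not AntiVir's.
def classify(path, member):
    p = path.lower()
    if member:
        return "archive"
    if "\\system volume information\\_restore" in p:
        return "system-restore"
    return "tool-backup" if "\\vundofix backups\\" in p else "live"

def parse_report(text):
    """Return (findings, unopened) from the file-scan part of a report."""
    findings, unopened = [], []
    path, member, pending = None, "", None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):                 # a new scanned file starts
            path, member, pending = line, "", None
        elif line.startswith("-->"):            # descend into an archive
            member = line[3:].strip()
        elif path and (m := DETECT_RE.match(line)):
            pending = Finding(path, member, m.group(1), classify(path, member))
            findings.append(pending)
        elif path and line.startswith("[WARNING]"):
            msg = line[len("[WARNING]"):].strip()
            if pending is not None:             # outcome of the last detection
                pending.outcome = msg
                pending = None
            elif "could not be opened" in msg:
                unopened.append(path)
    return findings, unopened

def unresolved(findings):
    """Detections the scanner left in place, live files first."""
    rank = {"live": 0, "archive": 1, "tool-backup": 2, "system-restore": 3}
    left = [f for f in findings if "ignored" in f.outcome.lower()]
    return sorted(left, key=lambda f: rank[f.location])

if __name__ == "__main__":
    for f in unresolved(parse_report(REPORT)[0]):
        print(f.location, f.name, f.path, f.member)
```

On this report, all four detections come back unresolved, and only `C:\WINDOWS\system32\vturo.dll` is a live file; the other three are copies in the DiagHelp upload archive, a System Restore point and the VundoFix backup folder.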

  • 2 weeks later...
Posted

I also had Vundo, which one of my MSN contacts kindly passed on to me.

It's a real pain. So I found a radical solution; it takes 5 minutes at most.

 

WARNING: THIS SOLUTION DISABLES THE VIRUS BUT DOES NOT REMOVE IT. FOR ME IT'S THE SAME THING BECAUSE THE VIRUS IS NO LONGER ACTIVE AFTERWARDS; IT'S UP TO YOU. I PREFER TO DISABLE IT RATHER THAN PLAY AROUND WITH LOTS OF SOFTWARE AND HAVE A NERVOUS BREAKDOWN LOOOL.

 

THIS SOLUTION IS QUICK AND TAKES VERY LITTLE TIME; AFTERWARDS YOU CAN CALMLY HAVE FUN DELETING YOUR DLLS OR OTHER TMP FILES THAT HAVE INFESTED YOUR PC, ITS UP TO YOU :P .

 

HERE IS THE SOLUTION:

 

Just click Start -> Run, type msconfig, then click the Startup tab and then Disable All. Confirm with OK and choose to restart when Windows prompts you.

You restart your PC and it's done, the virus is KO.

Now you just need to reinstall your programs such as MSN, GTalk and the others that used to load at startup.

 

then do a cleanup with Spybot and others....

 

Good luck. :P

Posted

hi :P

 

abousimbel, please excuse me, I hadn't seen your reply... :P

Since your last message dates from Thursday 27 December, I'd like you to tell me whether you intend to continue the disinfection :P

 

For rololo88 >

"WARNING: THIS SOLUTION DISABLES THE VIRUS BUT DOES NOT REMOVE IT. FOR ME IT'S THE SAME THING BECAUSE THE VIRUS IS NO LONGER ACTIVE AFTERWARDS; IT'S UP TO YOU. I PREFER TO DISABLE IT RATHER THAN PLAY AROUND WITH LOTS OF SOFTWARE AND HAVE A NERVOUS BREAKDOWN LOOOL."

rololo88, think again.... there are multiple launch points in the registry, not just the one you are referring to (namely the Run keys that appear in msconfig)

"You restart your PC and it's done, the virus is KO."

Wrong!! It is still active...

rololo88, given the actions you took to clean the PC, I strongly advise you to create your own topic on the forum. Why? On the one hand, because you will certainly soon see the malware rear its head again, and on the other hand, because malware never comes alone...

 

@++
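The reply's point about launch points outside the Run keys, shown as an added example that is not part of the thread or of HijackThis: it sorts HijackThis autostart entries by whether msconfig's Startup > Disable All would switch them off. The log lines are constructed (example1.dll, its CLSID and the Example shortcut are placeholders), and the example assumes the Windows XP Startup tab lists only the Run keys and the Startup folders.

```python
import re

# HijackThis section codes that describe autostart locations.
AUTOSTART = {
    "O2": "Browser Helper Object",
    "O4": "Run keys / Startup folders",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}

# Assumption of this example: the XP msconfig Startup tab lists the O4
# entries for the Run keys and the Startup folders, and nothing else above.
MSCONFIG_TAB = re.compile(r"^(HK(LM|CU)\\\.\.\\Run:|(Global )?Startup:)")
ENTRY = re.compile(r"^(O\d+) - (.+)$")

# Constructed sample in HijackThis format, not entries from this thread's log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Example.lnk = C:\Program Files\Example\example.exe
O20 - Winlogon Notify: example1 - C:\WINDOWS\system32\example1.dll
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

def split_by_disable_all(log_text):
    """Split autostart entries by whether Startup > Disable All turns them off."""
    disabled, untouched = [], []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m or m.group(1) not in AUTOSTART:
            continue  # not an autostart section (R0, O8, ...)
        code, detail = m.groups()
        on_tab = code == "O4" and MSCONFIG_TAB.match(detail) is not None
        (disabled if on_tab else untouched).append((code, AUTOSTART[code], detail))
    return disabled, untouched

def dll_load_points(entries):
    """Entries that load a DLL into another process instead of starting an .exe."""
    return [e for e in entries if re.search(r"\.dll\b", e[2], re.IGNORECASE)]

if __name__ == "__main__":
    disabled, untouched = split_by_disable_all(SAMPLE_LOG)
    print("Switched off by Disable All:")
    for code, kind, detail in disabled:
        print(f"  {code:4} {detail}")
    print("Still loading after reboot:")
    for code, kind, detail in untouched:
        print(f"  {code:4} {kind}: {detail}")
```

In the sample, Disable All turns off the antivirus tray entry and the messenger, while both DLL load points (the BHO and the Winlogon Notify entry) stay untouched.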
