Posted

Hello,

No problem about the wait; you're already taking care of my case, which is good.

So I redid everything.

VundoFix and SDFix: empty reports, nothing found.

 

Vundofix:

 

VundoFix V7.0.6

 

Scan started at 22:47:19 23/06/2008

 

Listing files found while scanning....

 

No infected files were found.

 

 

VundoFix V7.0.6

 

Scan started at 10:42:42 28/06/2008

 

Listing files found while scanning....

 

No infected files were found.

 

SDfix:

 

SDFix: Version 1.196

Run by axel on 28/06/2008 at 10:58

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

Combofix:

 

ComboFix 08-06-20.4 - axel 2008-06-28 11:39:02.6 - NTFSx86

Microsoft Windows XP Édition familiale 5.1 [GMT 2:00]

Endroit: C:\Documents and Settings\axel\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\axel\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::


.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-28 10:56 . 2008-06-28 10:56 <REP> d-------- C:\WINDOWS\ERUNT

2008-06-23 23:46 . 2005-06-23 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2008-06-23 23:46 . 2005-06-23 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-06-23 23:46 . 2005-06-23 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2008-06-23 23:46 . 2005-09-21 16:14 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents

2008-06-23 23:46 . 2005-06-23 22:56 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2008-06-23 23:46 . 2005-09-21 16:14 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris

2008-06-23 23:46 . 2005-06-23 22:56 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-06-23 23:46 . 2005-06-23 23:13 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec

2008-06-23 23:46 . 2008-06-23 23:46 <REP> d-------- C:\Documents and Settings\Administrateur

2008-06-23 22:56 . 2008-06-28 11:13 <REP> d-------- C:\SDFix

2008-06-23 22:47 . 2008-06-23 22:47 <REP> d-------- C:\VundoFix Backups

2008-06-23 14:13 . 2008-06-23 14:13 <REP> d-------- C:\Program Files\Avira

2008-06-23 14:13 . 2008-06-23 14:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-11 07:58 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 07:58 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-10 10:30 . 2008-06-10 10:30 <REP> d-------- C:\Program Files\WordBiz

2008-06-10 10:30 . 2008-06-10 10:30 <REP> d-------- C:\Program Files\THQ

2008-06-10 10:30 . 2008-06-10 10:30 <REP> d-------- C:\Program Files\MSXML 4.0

2008-06-10 10:30 . 2008-06-10 20:54 <REP> d-------- C:\Program Files\MSN Messenger

2008-06-08 18:38 . 2008-06-08 18:38 <REP> d-------- C:\Documents and Settings\adrien\Application Data\MSNInstaller

2008-06-06 15:31 . 2008-06-10 10:30 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

2008-06-04 23:28 . 2008-06-04 23:28 <REP> d-------- C:\Documents and Settings\adrien\Application Data\Teleca

2008-06-04 23:28 . 2008-06-04 23:28 <REP> d-------- C:\Documents and Settings\adrien\Application Data\Sony Ericsson

2008-06-04 20:17 . 2007-06-19 09:51 97,704 -ra------ C:\WINDOWS\system32\drivers\s816unic.sys

2008-06-04 20:17 . 2007-06-19 09:51 21,928 -ra------ C:\WINDOWS\system32\drivers\s816nd5.sys

2008-06-04 20:17 . 2007-06-19 09:51 9,768 -ra------ C:\WINDOWS\system32\drivers\s816cr.sys

2008-06-04 20:16 . 2008-06-04 20:17 <REP> d-------- C:\Documents and Settings\axel\Application Data\Teleca

2008-06-04 20:16 . 2007-06-19 09:51 97,320 -ra------ C:\WINDOWS\system32\drivers\s816obex.sys

2008-06-04 20:08 . 2008-06-04 20:08 <REP> d-------- C:\Program Files\Sony Ericsson

2008-06-04 20:08 . 2008-06-04 20:09 <REP> d-------- C:\Program Files\Fichiers communs\Teleca Shared

2008-06-04 20:08 . 2008-06-04 20:08 <REP> d-------- C:\Program Files\Fichiers communs\Sony Ericsson Shared

2008-06-04 20:08 . 2008-06-04 20:08 <REP> d-------- C:\Documents and Settings\axel\Application Data\Sony Ericsson

2008-06-04 20:07 . 2008-06-04 20:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Teleca

2008-06-04 20:07 . 2008-06-04 20:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-06-04 19:36 . 2007-06-19 09:51 99,112 -ra------ C:\WINDOWS\system32\drivers\s816mgmt.sys

2008-06-04 19:33 . 2007-06-19 09:51 107,304 -ra------ C:\WINDOWS\system32\drivers\s816mdm.sys

2008-06-04 19:33 . 2007-06-19 09:51 13,864 -ra------ C:\WINDOWS\system32\drivers\s816mdfl.sys

2008-06-04 19:33 . 2007-06-19 09:51 11,176 -ra------ C:\WINDOWS\system32\drivers\s816cmnt.sys

2008-06-04 19:33 . 2007-06-19 09:51 11,176 -ra------ C:\WINDOWS\system32\drivers\s816cm.sys

2008-06-04 19:32 . 2007-06-19 09:51 81,832 -ra------ C:\WINDOWS\system32\drivers\s816bus.sys

2008-06-04 19:32 . 2007-06-19 09:51 11,176 -ra------ C:\WINDOWS\system32\drivers\s816whnt.sys

2008-06-04 19:32 . 2007-06-19 09:51 11,176 -ra------ C:\WINDOWS\system32\drivers\s816wh.sys

2008-06-04 19:30 . 2008-06-04 19:30 <REP> d-------- C:\Program Files\Sony

2008-06-04 18:52 . 2008-06-04 18:52 <REP> d-------- C:\Program Files\Free.fr

2008-06-02 14:02 . 2008-06-04 18:52 <REP> d-------- C:\Program Files\Free(2).fr

2008-06-01 18:30 . 2008-06-23 23:59 <REP> d-------- C:\Temp

2008-05-30 21:23 . 2008-06-17 21:44 <REP> d-------- C:\Documents and Settings\axel\Application Data\LimeWire

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-25 09:37 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-06-10 08:30 --------- d-----w C:\Program Files\Google

2008-06-10 08:26 --------- d-----w C:\Documents and Settings\sabine\Application Data\EoRezo

2008-06-09 19:52 --------- d-----w C:\Documents and Settings\axel\Application Data\EoRezo

2008-06-09 18:46 --------- d-----w C:\Documents and Settings\adrien\Application Data\EoRezo

2008-05-31 08:05 --------- d-----w C:\Program Files\Weflirt

2008-05-30 20:02 --------- d-----w C:\Documents and Settings\axel\Application Data\Apple Computer

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2008-04-30 17:34 --------- d-----w C:\Documents and Settings\axel\Application Data\Ahead

2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-05-19 13:06 74,624 -c--a-w C:\Documents and Settings\sabine\Application Data\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-24_ 0.15.40.25 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-23 22:09:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-28 09:40:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-23 01:14:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-06-28 08:56:52 3,784,704 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat

+ 2008-06-28 08:56:52 110,592 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-06-23 01:14:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-06-28 08:56:51 3,784,704 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

+ 2008-06-28 08:56:51 110,592 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 14:21 68856]

"Weflirt"="C:\Program Files\Weflirt\weflirt.exe" [ ]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 18:03 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]

"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 06:00 98304]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 18:36 28672]

"BabyGoCP"="C:\Program Files\FreeAngel\FreeAngel.exe" [ ]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=jvntfdga.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 04:11]

R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2006-05-09 17:50]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 09:51]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 09:51]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 09:51]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 09:51]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 09:51]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 09:51]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 09:51]

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-11 09:26:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-28 11:41:32

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-28 11:45:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-28 09:45:18

ComboFix2.txt 2008-06-28 09:35:00

ComboFix3.txt 2008-06-25 10:17:10

 

Pre-Run: 66,476,466,176 octets libres

Post-Run: 66,467,762,176 octets libres

 

226 --- E O F --- 2008-06-20 07:25:59

 

Hijackthis:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:13:51, on 28/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\axel\Bureau\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo-flash.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [babyGoCP] C:\Program Files\FreeAngel\FreeAngel.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Weflirt] "C:\Program Files\Weflirt\weflirt.exe" -background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: jvntfdga.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

 

 

Yet Antivir still keeps raising Vundo alerts.

Antivir won't update: internet connection failed ???

Windows won't update either. I enable it and it disables itself.

Thanks,

 

Midnight

  • Moderators
Posted

Hi again,

Your HijackThis version is out of date; uninstall it and download the more recent version as described below:

Download HijackThisV2 to your desktop.

  • Double-click HJTInstall.exe and follow the installation instructions.
  • You will find a tutorial on installing it and generating a report here
  • Launch it, accept the warning message, then click Do a system scan and save a logfile.
  • When the scan finishes, Notepad will open. Copy and paste its entire contents here in your reply.
  • Post the generated report on the forum.

 

"Yet Antivir still keeps raising Vundo alerts."
We'll take another look at that. The tools used create quarantines of the files they process, so Antivir may be detecting them in their quarantine folders. Do you have an Antivir report you can send me?

"Antivir won't update: internet connection failed ???"
Over the last few days there was a bug at Avira concerning updates. Is the problem still there?

"Windows won't update either. I enable it and it disables itself."
How do you re-enable them? How do you see that they have been disabled again?

Is the error message preceding safe mode that you told me about still there?

See you later.

Posted

Hi again,

The HijackThis version comes from the following post:

http://forum.zebulon.fr/pre-nettoyage-d-un...cte-t83986.html

I have just updated it and here is the report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:18:51, on 28/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo-flash.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [babyGoCP] C:\Program Files\FreeAngel\FreeAngel.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Weflirt] "C:\Program Files\Weflirt\weflirt.exe" -background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O20 - AppInit_DLLs: jvntfdga.dll

O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O24 - Desktop Component 0: (no name) - http://images.google.fr/images?q=tbn:c2vEG.../1141823166.jpg

 

--

End of file - 7893 bytes

 

 

As for Antivir, it has just updated itself; here is the report:

 

 

 

Avira AntiVir Personal

Report file date: samedi 28 juin 2008 17:56

 

Scanning for 1365397 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: CHAMBRESABINE

 

Version information:

BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56

AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37

LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 15:50:30

ANTIVIR2.VDF : 7.0.5.2 2048 Bytes 24/06/2008 15:50:30

ANTIVIR3.VDF : 7.0.5.17 102912 Bytes 27/06/2008 15:50:33

Engineversion : 8.1.0.59

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21

AESCRIPT.DLL : 8.1.0.44 278907 Bytes 23/06/2008 12:19:01

AESCN.DLL : 8.1.0.22 119157 Bytes 23/06/2008 12:19:01

AERDL.DLL : 8.1.0.20 418165 Bytes 23/06/2008 12:18:59

AEPACK.DLL : 8.1.1.6 364918 Bytes 23/06/2008 12:18:58

AEOFFICE.DLL : 8.1.0.20 192891 Bytes 23/06/2008 12:18:58

AEHEUR.DLL : 8.1.0.32 1274231 Bytes 23/06/2008 12:18:57

AEHELP.DLL : 8.1.0.15 115063 Bytes 23/06/2008 12:18:56

AEGEN.DLL : 8.1.0.29 307573 Bytes 23/06/2008 12:18:55

AEEMU.DLL : 8.1.0.6 430451 Bytes 23/06/2008 12:18:55

AECORE.DLL : 8.1.0.31 168310 Bytes 23/06/2008 12:18:54

AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53

AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47

AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25

RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: delete

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: samedi 28 juin 2008 17:56

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'epmworker.exe' - '1' Module(s) have been scanned

Scan process 'Generic.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned

Scan process 'WkUFind.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'E_FATIACE.EXE' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'wscntfy.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'MediaServerService.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

36 processes with 36 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD2

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD3

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD4

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '33' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <ACER>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\axel\Mes documents\LimeWire\Saved\2008 Sex and the City 720p HD Official Trailer-EVERYTRAILER.net.avi

[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N

[NOTE] A backup was created as '48965f9d.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\axel\Mes documents\LimeWire\Saved\Beast City - Sex Demon Metropolis.avi

[DETECTION] Is the Trojan horse TR/Dldr.WMA.GetCodec.A

[NOTE] A backup was created as '48c75fd2.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\axel\Mes documents\LimeWire\Saved\Clara Morgane -- Les Dessous de Clara Morgane.avi

[DETECTION] Is the Trojan horse TR/Dldr.WMA.GetCodec.A

[NOTE] A backup was created as '48c75fda.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\axel\Mes documents\LimeWire\Saved\Estelle Desanges - Hard Fuck!.avi

[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N

[NOTE] A backup was created as '48da5fe1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\axel\Mes documents\LimeWire\Saved\Marc Dorcel - Casino No Limit BO.avi

[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N

[NOTE] A backup was created as '48d85fd0.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\axel\Mes documents\LimeWire\Saved\sex city 2008 francais.mpg

[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N

[NOTE] A backup was created as '48de5fd5.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\axel\Mes documents\LimeWire\Saved\skater die.mpg

[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N

[NOTE] A backup was created as '48c75fdc.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\axel\Mes documents\LimeWire\Saved\Virtual Sex With Katsumi.avi

[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N

[NOTE] A backup was created as '48d85fdb.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\sabine\Local Settings\Temporary Internet Files\Content.IE5\SFKUBH98\kb456456[1]

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '489a6023.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\catchme2008-06-25_121132.78.zip

[0] Archive type: ZIP

--> chpmxlaq.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48da6234.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\agdxdckb.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48ca6248.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ahcmuwuk.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48c96249.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\chpmxlaq.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] A backup was created as '48d6624a.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ddcBUkli.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48c96246.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ecqvjsfv.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48d76246.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\iifdeddD.dll.vir

[DETECTION] Is the Trojan horse TR/WinlogonHook.H.1

[NOTE] A backup was created as '48cc624c.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\jvntfdga.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] A backup was created as '48d4625a.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\kttgaolh.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.ESF.3

[NOTE] A backup was created as '48da6258.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\llrpefuh.dll.vir

[DETECTION] Is the Trojan horse TR/Mondera.100352

[NOTE] A backup was created as '48d86250.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\mkanwawl.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48c76250.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\nlgjvgin.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48cd6251.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\nmmyefse.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48d36252.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\prehywhb.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48cb6258.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\pxttieso.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] A backup was created as '48da625e.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\pycbxrbj.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.EUG

[NOTE] A backup was created as '48c9625f.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\qofqxjwd.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.esk.1

[NOTE] A backup was created as '48cc6256.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\vdiclpyp.dll.vir

[DETECTION] Is the Trojan horse TR/Mondera.114688.1

[NOTE] A backup was created as '48cf624b.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\vwypenna.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.ESF.3

[NOTE] A backup was created as '48df625f.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\wirllubu.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.ESF.3

[NOTE] A backup was created as '48d86251.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\wminhhqt.dll.vir

[DETECTION] Is the Trojan horse TR/Mondera.100352

[NOTE] A backup was created as '48cf6255.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\wtgfqmxv.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.eug.1

[NOTE] A backup was created as '48cd625c.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\xeopmcla.dll.vir

[DETECTION] Is the Trojan horse TR/Mondera.113664

[NOTE] A backup was created as '48d5624e.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\yltjvxru.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48da6255.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP474\A0051084.exe

[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.4

[NOTE] A backup was created as '4896623b.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP517\A0055310.dll

[DETECTION] Is the Trojan horse TR/WinlogonHook.H.1

[NOTE] A backup was created as '48966263.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP517\A0055332.dll

[DETECTION] Is the Trojan horse TR/WinlogonHook.H.1

[NOTE] A backup was created as '49368034.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP517\A0055344.dll

[DETECTION] Is the Trojan horse TR/WinlogonHook.H.1

[NOTE] A backup was created as '48966264.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP527\A0055883.dll

[DETECTION] Is the Trojan horse TR/Mondera.111616.1

[NOTE] A backup was created as '4896626d.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP527\A0055914.dll

[DETECTION] Is the Trojan horse TR/Mondera.113664

[NOTE] A backup was created as '4896626e.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP527\A0055935.dll

[DETECTION] Is the Trojan horse TR/Mondera.113664

[NOTE] A backup was created as '4896626f.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP527\A0055938.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '49368020.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP533\A0056744.dll

[DETECTION] Is the Trojan horse TR/Mondera.97280.3

[NOTE] A backup was created as '48966281.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP535\A0057040.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48966287.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067347.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] A backup was created as '4896628e.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067348.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] A backup was created as '4896628f.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067349.exe

[DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2

[NOTE] A backup was created as '493680c0.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067350.dll

[DETECTION] Is the Trojan horse TR/Mondera.105472.1

[NOTE] A backup was created as '48966291.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067351.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680c2.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067352.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48966290.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067353.exe

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] A backup was created as '493680c1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067354.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48966292.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067356.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48966293.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067357.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680c4.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067358.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48966295.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067361.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680c3.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067362.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48966294.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067363.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680c5.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067364.exe

[DETECTION] Is the Trojan horse TR/Dldr.VB.epp

[NOTE] A backup was created as '48966296.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067365.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] A backup was created as '493680c6.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067367.dll

[DETECTION] Is the Trojan horse TR/Mondera.101376

[NOTE] A backup was created as '48966297.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067464.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680c7.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067465.exe

[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.16

[NOTE] A backup was created as '48966298.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067466.exe

[DETECTION] Contains detection pattern of the dropper DR/MartShop.2

[NOTE] A backup was created as '493680c8.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067467.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48966299.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067468.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680ca.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067469.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '4896629b.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067470.dll

[DETECTION] Is the Trojan horse TR/Vundo.EUG

[NOTE] A backup was created as '493680c9.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067471.dll

[DETECTION] Is the Trojan horse TR/Vundo.esk.1

[NOTE] A backup was created as '4896629a.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067472.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680cb.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067473.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680cc.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067474.dll

[DETECTION] Is the Trojan horse TR/Vundo.eug.1

[NOTE] A backup was created as '4896629d.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067475.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680ce.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067476.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '4896629f.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067477.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '4896629c.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067478.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680cd.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069563.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '4896629e.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069564.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680f0.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069565.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '489662a1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069568.dll

[DETECTION] Is the Trojan horse TR/WinlogonHook.H.1

[NOTE] A backup was created as '493680f2.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069569.dll

[DETECTION] Is the Trojan horse TR/Vundo.ESF.3

[NOTE] A backup was created as '489662a3.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069570.dll

[DETECTION] Is the Trojan horse TR/Mondera.100352

[NOTE] A backup was created as '493680cf.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069571.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48966280.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069572.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680d1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069573.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48966282.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069575.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '493680f4.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069576.dll

[DETECTION] Is the Trojan horse TR/Vundo.EUG

[NOTE] A backup was created as '489662a5.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069577.dll

[DETECTION] Is the Trojan horse TR/Vundo.esk.1

[NOTE] A backup was created as '493680f6.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069578.dll

[DETECTION] Is the Trojan horse TR/Mondera.114688.1

[NOTE] A backup was created as '489662a7.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069579.dll

[DETECTION] Is the Trojan horse TR/Vundo.ESF.3

[NOTE] A backup was created as '489662a0.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069580.dll

[DETECTION] Is the Trojan horse TR/Vundo.ESF.3

[NOTE] A backup was created as '493680f1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069581.dll

[DETECTION] Is the Trojan horse TR/Mondera.100352

[NOTE] A backup was created as '489662a2.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069582.dll

[DETECTION] Is the Trojan horse TR/Vundo.eug.1

[NOTE] A backup was created as '493680f3.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069583.dll

[DETECTION] Is the Trojan horse TR/Mondera.113664

[NOTE] A backup was created as '493680f8.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069584.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '489662a9.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP545\A0070150.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '489662b0.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP545\A0070162.dll

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] A backup was created as '489662b1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP545\A0070163.dll

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] A backup was created as '493680e2.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP545\A0070164.dll

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] A backup was created as '489662b2.qua' ( QUARANTINE )

[NOTE] The file was deleted!

Begin scan in 'D:\' <ACERDATA>

D:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP540\A0067479.EXE

[DETECTION] Contains detection pattern of the dropper DR/Shopper.R.4

[NOTE] A backup was created as '489663f6.qua' ( QUARANTINE )

[NOTE] The file was deleted!

 

 

End of the scan: samedi 28 juin 2008 18:16

Used time: 20:07 min

 

The scan has been done completely.

 

6459 Scanning directories

170205 Files were scanned

99 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

99 files were deleted

0 files were repaired

99 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

170106 Files not concerned

6728 Archives were scanned

6 Warnings

99 Notes

 

For the updates I used the "Security Center"; it is indeed enabled there, but I get a message in the bar at the bottom right saying that it has not been done.

In Safe Mode and also in normal mode, it is on the "Sabine" account that I no longer have access to anything ...

See you,

Midnight

  • Moderators
Posted

Hello again,

The HijackThis version comes from the following post:

http://forum.zebulon.fr/pre-nettoyage-d-un...cte-t83986.html

All right, we will see about correcting the link for it.

Run a HijackThis scan again

  • Click Do a system scan only and check the lines below:

  • O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
    O20 - AppInit_DLLs: jvntfdga.dll

  • Close all windows except HijackThis and click Fix Checked. Then close the program.

As expected, AntiVir reacted a lot to ComboFix's quarantine (c:\qoobox) and found quite a few items in the previously created restore points. As for System Restore, there is nothing to worry about as long as you do not restore: we will keep these points for now, so that we have a spare wheel until we have finished treating everything (in case the system crashes). Once everything is clean, we will delete these restore points and create a clean one, to start again on a sound footing.

Delete the following folder (since the software has been uninstalled): C:\Documents and Settings\axel\Mes documents\LimeWire

It contained a lot of infected videos, as you saw.

Delete all the items in AntiVir's quarantine; we do not need them.

Download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to launch the program.

  • For Internet Explorer
    Under the Main tab, choose: Select All
    Click the Empty Selected button

  • For Firefox
    Under the Firefox tab, choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, in the main menu, to close the program.

Next,

download Malwarebytes' Anti-Malware by clicking on this image: [image]

  • Install it, then run it
  • Connect your USB sticks and external drives.
  • In the "mise à jour" (update) tab, click the "Recherche de mise à jour" (check for updates) button: if the firewall asks whether to allow MBAM to connect, accept.
  • Quit the program.

3°) Restart the PC; it must be in Safe Mode.

  • When the computer restarts, once the BIOS has finished loading, a black screen appears briefly.
  • Tap the [F8] and [F5] keys alternately until the Windows advanced options menu is displayed.
  • Select "Mode sans échec" (Safe Mode) and press [Enter].
  • Choose your usual account, not Administrator.
  • >> Illustrated here <<

4°) Scan with MBAM >>

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Recherche" (scan) tab
  • Select "Exécuter un examen complet" (perform a full scan)
  • Click "Rechercher" (scan)
  • The scan starts
  • At the end of the scan, a message is displayed indicating that the scan has finished. Click "OK" to continue.
  • Close your browsers and click "Afficher les résultats" (show results) at the bottom
  • If malware has been detected, the list is displayed.
    By clicking "Supprimer la sélection" (remove selected), MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Save this report to the Desktop, then quit the program. You will find a tutorial at the following link if you need it.

Restart your PC and post the MBAM report as well as a new HijackThis report. See you soon.
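The selection made in the post above (orphaned "(no file)" entries and the AppInit_DLLs value), written as an added Python triage script that is not part of the original thread. The function name, rule names and the extra rule for Run entries that start rundll32 on a DLL in a Temp folder are assumptions of this example; the sample lines are HijackThis entries copied from logs quoted in this thread and assembled into one constructed sample.

```python
import re

# Constructed sample: entries copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
R3 - URLSearchHook: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bMb350b356] Rundll32.exe "C:\DOCUME~1\sabine\LOCALS~1\Temp\tcvnkrkn.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: jvntfdga.dll
"""

# "<section code> - <rest of the entry>", e.g. "O3 - Toolbar: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# rundll32 followed by the DLL it is asked to load (optionally quoted)
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def triage(log_text):
    """Return (section, reason, line) for entries worth a manual review.

    Hypothetical rule names used by this example:
      orphaned           - registry entry whose target file no longer exists
      appinit_dll        - a DLL listed in AppInit_DLLs (loaded with user32.dll)
      rundll32_from_temp - autostart entry loading a DLL from a Temp folder
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.group("code"), match.group("body")

        if body.endswith("(no file)"):
            findings.append((code, "orphaned", line))
            continue

        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # An empty value is the normal state; anything listed is reviewed.
            if body.split(":", 1)[1].strip():
                findings.append((code, "appinit_dll", line))
            continue

        if code == "O4":
            loaded = RUNDLL.search(body)
            if loaded and TEMP_DIR.search(loaded.group("dll")):
                findings.append((code, "rundll32_from_temp", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{reason:20} {line}")
```

A flagged line is a candidate for review, not a verdict: an AppInit_DLLs value or a "(no file)" entry can also be left behind by legitimate software.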

Posted

Hi again,

Here is the report

 

Malwarebytes' Anti-Malware 1.18

Version de la base de données: 898

 

20:31:54 28/06/2008

mbam-log-6-28-2008 (20-31-54).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 103245

Temps écoulé: 12 minute(s), 19 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 40

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 29

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bd5258af-20ae-4bd3-b748-b2851aca7335} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{995e885e-3ff5-4f66-a107-8bfb3a0f8f12} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.0.370.0 (Adware.Zango) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\QooBox\Quarantine\C\Program Files\Seekmo\bin\10.0.406.0\CoreSrv.dll.vir (Adware.Zango) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Seekmo\bin\10.0.406.0\HostOL.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe.vir (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe.vir (Adware.Zango) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Seekmo\bin\10.0.406.0\SeekmoSADF.exe.vir (Adware.Zango) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Seekmo\bin\10.0.406.0\SeekmoSAHook.dll.vir (Adware.Zango) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Seekmo\bin\10.0.406.0\Srv.exe.vir (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Seekmo\bin\10.0.406.0\Wallpaper.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Seekmo\bin\10.0.406.0\firefox\extensions\plugins\npclntax_SeekmoSA.dll.vir (Adware.Zango) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\ddcCVOGx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP504\A0052525.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP515\A0055072.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP516\A0055115.exe (Adware.Zango) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP517\A0055266.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP517\A0055270.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP530\A0056308.exe (Adware.Zango) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP539\A0067355.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069551.dll (Adware.Zango) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069552.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069554.exe (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069555.exe (Adware.Zango) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069556.exe (Adware.Zango) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069557.dll (Adware.Zango) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069558.exe (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069559.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069560.dll (Adware.Zango) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP542\A0069638.exe (Adware.Zango) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP545\A0070151.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

 

 

and the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:40:35, on 28/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo-flash.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [babyGoCP] C:\Program Files\FreeAngel\FreeAngel.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Weflirt] "C:\Program Files\Weflirt\weflirt.exe" -background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O24 - Desktop Component 0: (no name) - http://images.google.fr/images?q=tbn:c2vEG.../1141823166.jpg

 

--

End of file - 7726 bytes

 

See you,

 

Midnight

  • Moderators
Posted

Hi again,

MBAM did a good job; it dealt with the remaining registry entries. You did not tell me whether you found and deleted the "limewire" folder in the "mes documents" folder?

Is the userinit.exe problem still present on the "sabine" session?

For the updates, download Zeb-restore.

  • Run it.
  • Check the restrictions you have noticed.
  • Click Restaurer (restore).

Tell me whether that was enough to fix the updates problem. Note: even if it works again, do not install the updates right away, not until we have finished cleaning everything.

Download MsLook.exe and double-click it. Press a key when asked. It will work very quickly and Notepad will open; post the contents of Notepad in your next reply.

Posted

Hi again,

I can access the Sabine account again.

I ran Zebrestore but no update has been requested yet.

The MsLook report seems empty:

 

MsLook.exe execute le : 28/06/2008 21:35:29,85

 

 

See you,

Midnight

  • Moderators
Posted

Hi again,

Good news about the "Sabine" account, good job :P

Go to Start menu > Run and copy-paste: ComboFix /u then confirm with the Enter key or by clicking OK.

Make sure the following folders are deleted:

  • C:\QooBox
    C:\SDFix
    C:\VundoFix Backups

Make sure the following files are deleted (normally on your desktop):

  • VundoFix.exe
    SDFix.exe
    ComboFix.exe
    MsLook.exe

Empty your Recycle Bin.

Log back in under the Sabine session, which was having problems, and give me a new HijackThis log from that session, followed by a report obtained like this:

Run HijackThis again.

  • Click Open the misc tools sections
  • Click Open uninstall Manager
  • Click Save list
  • Save the file > A Notepad window will open; copy-paste the contents here.

Take the opportunity to tell me about any symptoms specific to the 'Sabine' session that you did not encounter under the other session.

See you later.

Posted

Hi again,

For HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:34:58, on 28/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [babyGoCP] C:\Program Files\FreeAngel\FreeAngel.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [bMb350b356] Rundll32.exe "C:\DOCUME~1\sabine\LOCALS~1\Temp\tcvnkrkn.dll",s

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O24 - Desktop Component 0: (no name) - http://www.meteofrance.com/img/1pix.gif

 

--

End of file - 7749 bytes

 

 

For the uninstall list

 

ABBYY FineReader 6.0 Sprint

Acer eConsole

Acer eMode Management

Adobe Flash Player 9 ActiveX

Adobe Flash Player ActiveX

Adobe Reader 8.1.2 - Français

Apple Mobile Device Support

Apple Software Update

Archiveur WinRAR

Athlon 64 Processor Driver

Avira AntiVir Personal – Free Antivirus

Bonjour

Complément Microsoft Word pour Microsoft Works Suite

Correctif pour Windows Internet Explorer 7 (KB947864)

Correctif pour Windows XP (KB914440)

Correctif Windows XP - KB867282

Correctif Windows XP - KB873339

Correctif Windows XP - KB885250

Correctif Windows XP - KB885835

Correctif Windows XP - KB885836

Correctif Windows XP - KB885884

Correctif Windows XP - KB886185

Correctif Windows XP - KB887472

Correctif Windows XP - KB887742

Correctif Windows XP - KB888113

Correctif Windows XP - KB888302

Correctif Windows XP - KB890047

Correctif Windows XP - KB890175

Correctif Windows XP - KB890859

Correctif Windows XP - KB890923

Correctif Windows XP - KB891781

Correctif Windows XP - KB893086

Disc2Phone

Disc2Phone

eoEngine 4.4

eoRss 2.1

EPSON Attach To Email

EPSON Copy Utility 3

EPSON Easy Photo Print

EPSON File Manager

EPSON Image Clip Palette

EPSON Logiciel imprimante

EPSON Scan

EPSON Scan Assistant

EPSON Web-To-Page

ESDX3800 Guide d'utilisation

FinePixViewer Ver.4.3

Free - Kit de connexion

FUJIFILM USB Driver

Google Earth

Google Toolbar for Internet Explorer

HijackThis 2.0.2

Hot Wheels® Mechanix

Hotfix for Windows XP (KB915865)

iTunes

J2SE Runtime Environment 5.0 Update 6

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Picture It! Photo 7.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Word 2002

Microsoft Works 7.0

Mise à jour de sécurité pour Lecteur Windows Media (KB911564)

Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)

Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)

Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)

Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)

Mise à jour de sécurité pour Windows XP (KB890046)

Mise à jour de sécurité pour Windows XP (KB893066)

Mise à jour de sécurité pour Windows XP (KB893756)

Mise à jour de sécurité pour Windows XP (KB896358)

Mise à jour de sécurité pour Windows XP (KB896422)

Mise à jour de sécurité pour Windows XP (KB896423)

Mise à jour de sécurité pour Windows XP (KB896424)

Mise à jour de sécurité pour Windows XP (KB896428)

Mise à jour de sécurité pour Windows XP (KB899587)

Mise à jour de sécurité pour Windows XP (KB899591)

Mise à jour de sécurité pour Windows XP (KB900725)

Mise à jour de sécurité pour Windows XP (KB901017)

Mise à jour de sécurité pour Windows XP (KB901190)

Mise à jour de sécurité pour Windows XP (KB901214)

Mise à jour de sécurité pour Windows XP (KB902400)

Mise à jour de sécurité pour Windows XP (KB904706)

Mise à jour de sécurité pour Windows XP (KB905414)

Mise à jour de sécurité pour Windows XP (KB905749)

Mise à jour de sécurité pour Windows XP (KB905915)

Mise à jour de sécurité pour Windows XP (KB908519)

Mise à jour de sécurité pour Windows XP (KB908531)

Mise à jour de sécurité pour Windows XP (KB911280)

Mise à jour de sécurité pour Windows XP (KB911562)

Mise à jour de sécurité pour Windows XP (KB911567)

Mise à jour de sécurité pour Windows XP (KB911927)

Mise à jour de sécurité pour Windows XP (KB912812)

Mise à jour de sécurité pour Windows XP (KB912919)

Mise à jour de sécurité pour Windows XP (KB913446)

Mise à jour de sécurité pour Windows XP (KB913580)

Mise à jour de sécurité pour Windows XP (KB914388)

Mise à jour de sécurité pour Windows XP (KB914389)

Mise à jour de sécurité pour Windows XP (KB916281)

Mise à jour de sécurité pour Windows XP (KB917159)

Mise à jour de sécurité pour Windows XP (KB917344)

Mise à jour de sécurité pour Windows XP (KB917422)

Mise à jour de sécurité pour Windows XP (KB917953)

Mise à jour de sécurité pour Windows XP (KB918118)

Mise à jour de sécurité pour Windows XP (KB918439)

Mise à jour de sécurité pour Windows XP (KB918899)

Mise à jour de sécurité pour Windows XP (KB919007)

Mise à jour de sécurité pour Windows XP (KB920213)

Mise à jour de sécurité pour Windows XP (KB920214)

Mise à jour de sécurité pour Windows XP (KB920670)

Mise à jour de sécurité pour Windows XP (KB920683)

Mise à jour de sécurité pour Windows XP (KB920685)

Mise à jour de sécurité pour Windows XP (KB921398)

Mise à jour de sécurité pour Windows XP (KB921503)

Mise à jour de sécurité pour Windows XP (KB921883)

Mise à jour de sécurité pour Windows XP (KB922616)

Mise à jour de sécurité pour Windows XP (KB922760)

Mise à jour de sécurité pour Windows XP (KB922819)

Mise à jour de sécurité pour Windows XP (KB923191)

Mise à jour de sécurité pour Windows XP (KB923414)

Mise à jour de sécurité pour Windows XP (KB923689)

Mise à jour de sécurité pour Windows XP (KB923694)

Mise à jour de sécurité pour Windows XP (KB923980)

Mise à jour de sécurité pour Windows XP (KB924191)

Mise à jour de sécurité pour Windows XP (KB924270)

Mise à jour de sécurité pour Windows XP (KB924496)

Mise à jour de sécurité pour Windows XP (KB924667)

Mise à jour de sécurité pour Windows XP (KB925486)

Mise à jour de sécurité pour Windows XP (KB925902)

Mise à jour de sécurité pour Windows XP (KB926255)

Mise à jour de sécurité pour Windows XP (KB926436)

Mise à jour de sécurité pour Windows XP (KB927779)

Mise à jour de sécurité pour Windows XP (KB927802)

Mise à jour de sécurité pour Windows XP (KB928255)

Mise à jour de sécurité pour Windows XP (KB928843)

Mise à jour de sécurité pour Windows XP (KB929123)

Mise à jour de sécurité pour Windows XP (KB930178)

Mise à jour de sécurité pour Windows XP (KB931261)

Mise à jour de sécurité pour Windows XP (KB931784)

Mise à jour de sécurité pour Windows XP (KB932168)

Mise à jour de sécurité pour Windows XP (KB933729)

Mise à jour de sécurité pour Windows XP (KB935839)

Mise à jour de sécurité pour Windows XP (KB935840)

Mise à jour de sécurité pour Windows XP (KB936021)

Mise à jour de sécurité pour Windows XP (KB938829)

Mise à jour de sécurité pour Windows XP (KB941202)

Mise à jour de sécurité pour Windows XP (KB941568)

Mise à jour de sécurité pour Windows XP (KB941569)

Mise à jour de sécurité pour Windows XP (KB941644)

Mise à jour de sécurité pour Windows XP (KB941693)

Mise à jour de sécurité pour Windows XP (KB943055)

Mise à jour de sécurité pour Windows XP (KB943460)

Mise à jour de sécurité pour Windows XP (KB943485)

Mise à jour de sécurité pour Windows XP (KB944653)

Mise à jour de sécurité pour Windows XP (KB945553)

Mise à jour de sécurité pour Windows XP (KB946026)

Mise à jour de sécurité pour Windows XP (KB948590)

Mise à jour de sécurité pour Windows XP (KB948881)

Mise à jour de sécurité pour Windows XP (KB950749)

Mise à jour de sécurité pour Windows XP (KB950760)

Mise à jour de sécurité pour Windows XP (KB950762)

Mise à jour de sécurité pour Windows XP (KB951376)

Mise à jour de sécurité pour Windows XP (KB951376-v2)

Mise à jour de sécurité pour Windows XP (KB951698)

Mise à jour pour Windows XP (KB894391)

Mise à jour pour Windows XP (KB898461)

Mise à jour pour Windows XP (KB900485)

Mise à jour pour Windows XP (KB904942)

Mise à jour pour Windows XP (KB910437)

Mise à jour pour Windows XP (KB916595)

Mise à jour pour Windows XP (KB920872)

Mise à jour pour Windows XP (KB922582)

Mise à jour pour Windows XP (KB927891)

Mise à jour pour Windows XP (KB929338)

Mise à jour pour Windows XP (KB930916)

Mise à jour pour Windows XP (KB931836)

Mise à jour pour Windows XP (KB932823-v3)

Mise à jour pour Windows XP (KB933360)

Mise à jour pour Windows XP (KB938828)

Mise à jour pour Windows XP (KB942763)

MSXML 4.0 SP2 (KB936181)

Nero 7 Ultra Edition

NTI Backup NOW! 4

NTI CD & DVD-Maker

NTI HomeVideo-Maker

NVIDIA Drivers

NvMixer

PIF DESIGNER

PowerDVD

QuickTime

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Sélecteur d'installation de Microsoft Works Suite 2003

Share Accelerator MM Toolbar

Sony Ericsson Device Data

Sony Ericsson Drivers

Sony Ericsson PC Suite

Sony Ericsson PC Suite

VideoLAN VLC media player 0.8.6c

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live Messenger

Windows Live Sign-in Assistant

WinPcap 4.0 alpha1

WordBiz version 1.8

 

As for odd symptoms, a Rundll window opens when the session starts:

Rundll Erreur de chargement C:\document~1\sabine\\locals~1\temp\tcvnkrkn.dll Le module spécifé est introuvable.

 

 

See you,

Midnight

  • Moderators
Posted

Hi again,

We're apparently nearly done. You didn't tell me whether the deletion of the folders and files went well?

Go to Control Panel > Add or Remove Programs and uninstall:

  • J2SE Runtime Environment 5.0 Update 6: this version is obsolete, and keeping it introduces a vulnerability. Then go to this link to install an up-to-date version. Take care to uncheck the installation of the Toolbar (the additional Yahoo toolbar).

 

Run a HijackThis scan again

  • Click Do a system scan only and check the lines below:

  • R3 - URLSearchHook: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
    O4 - HKCU\..\Run: [bMb350b356] Rundll32.exe "C:\DOCUME~1\sabine\LOCALS~1\Temp\tcvnkrkn.dll",s

  • Close all windows except HijackThis and click Fix Checked.

 

Run Atf-cleaner.exe again as before, and clean the temporary files once more. Restart, and make sure the Rundll window that opened at startup no longer appears. If all is well, uninstall HijackThis, again via Control Panel > Add or Remove Programs. Otherwise, stop there and report back to me.

I had you download Atf-cleaner: I suggest you keep it, as it lets you empty and delete temporary files very easily. Otherwise, you simply need to delete the file.

I also had you download MBAM: it is a free tool without its resident module. I suggest you leave it on the PC and update it from time to time in order to run a few preventive scans (preferably in safe mode). Otherwise, you can uninstall it via Control Panel.

 

Since your PC no longer shows any malfunctions, I am having you disable and re-enable System Restore so as to erase all your old restore points, to start again from a clean base. Follow the procedure indicated:

Don't worry: when you re-enable it, Windows will automatically recreate a restore point, which will itself be clean. Proceed as follows:

- right-click My Computer / Properties / System Restore tab

- check the "Turn off System Restore..." box

- click "Apply" then "Yes"

- restart, then come back to this panel

- uncheck the "Turn off System Restore..." box to put things back in place.

- click "Apply" then "OK"

For a visual aid, you can consult this link from Bruce lee.

 

For Windows updates: to deal with the most urgent first and make sure this PC has the important updates, go to this link to install them. At this link, you will find a visual aid for configuring automatic updates. It is possible that they give you the impression of not working if you have, without paying attention, set a specific time for downloading and installing them.

Are there any other problems you haven't mentioned? How is this PC doing now?

See you soon.
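
The two kinds of leftover entry selected for fixing in the reply above can be picked out of a HijackThis log mechanically. The following is an added example, not part of the thread and not HijackThis's own code: it flags entries marked `(no file)` and O4 Run entries that load a DLL through rundll32 from a Temp directory. The function names, the `orphan` and `temp-rundll32` labels, and the last sample line are assumptions made for the illustration.

```python
import re

# Constructed sample: the R3 line and the first O4 line are the two entries
# quoted in the reply, the O23 line comes from the posted log, and the last
# O4 line is invented as a benign contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
O4 - HKCU\..\Run: [bMb350b356] Rundll32.exe "C:\DOCUME~1\sabine\LOCALS~1\Temp\tcvnkrkn.dll",s
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<args>.+)$', re.I)
DLL_PATH = re.compile(r'"?([a-z]:\\[^",]+\.dll)"?', re.I)
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)


def is_temp_rundll(cmd):
    """True when cmd is a rundll32 call whose DLL sits under a Temp folder."""
    call = RUNDLL.match(cmd)
    if not call:
        return False
    dll = DLL_PATH.search(call["args"])
    return bool(dll and TEMP_DIR.search(dll.group(1)))


def triage(log_text):
    """Return (section, kind, line) for each log line worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if not entry:
            continue
        section, body = entry["section"], entry["body"]
        if body.endswith("(no file)"):
            # The registry value survives but its target is gone.
            findings.append((section, "orphan", line))
        elif section == "O4":
            run = O4_RUN.match(body)
            if run and is_temp_rundll(run["cmd"]):
                findings.append((section, "temp-rundll32", line))
    return findings


if __name__ == "__main__":
    for section, kind, line in triage(SAMPLE_LOG):
        print(f"{kind:14} {line}")
```

A flagged line is a candidate for review, not a verdict: the entry still has to be checked against what is actually installed before it is fixed.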
