Multiples malwares et autres aux noms exotiques

Pierre2.0 · le 30 mars 2009

Bonjour,

j'ai peur que mon petit, croyant améliorer le pc en installant divers trucs à la mode, ne nous ait infecté de pas mal de choses :

- le pc ralentit

- on a systématiquement des pages de pub qui s'incrustent

- les pages mettent très longtemps à s'afficher.

En utilisant hijackthis (je suis très très novice), j'ai déjà fixé un certain nombre de dll aux noms exotiques, comme "horomina", "betipafe", "rugahojo" mais ils reviennent sans cesse...

Que faire?

Voici la copie de mon rapport HJT :

"Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:17:09, on 30/03/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Keyboard Driver\Keyboard Driver\ikeymain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Apps\EZHome\EZStatus.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Documents and Settings\Pieter\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

C:\Documents and Settings\Pieter\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_19.04.2008_13-41.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSCNo.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://lo.st#first

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: {44badfc5-d161-ba79-8394-536ebfabb4a4} - {4a4bbafb-e635-4938-97ab-161d5cfdab44} - C:\WINDOWS\system32\otwmse.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: (no name) - {bdca25aa-8a06-457e-8fc2-a08882a2f2de} - C:\WINDOWS\system32\horomina.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [Keyboard driver ] "C:\Program Files\Keyboard Driver\Keyboard Driver\ikeymain.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [88ad7e37] rundll32.exe "C:\WINDOWS\system32\dobohero.dll",b

O4 - HKLM\..\Run: [CPM8b9e4dab] Rundll32.exe "c:\windows\system32\jebojope.dll",a

O4 - HKLM\..\Run: [sihakorayo] Rundll32.exe "C:\WINDOWS\system32\tevaziva.dll",s

O4 - HKCU\..\Run: [EzStatus] C:\Apps\EZHome\EZStatus.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [sihakorayo] Rundll32.exe "C:\WINDOWS\system32\tevaziva.dll",s (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Pieter\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Pieter\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User 'Default user')

O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Pieter\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O15 - Trusted Zone: http://www.secuser.com

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA50872-4680-4ABE-A470-4CB41D13FEFE}: NameServer = 192.168.1.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\mekaboge.dll c:\windows\system32\jebojope.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jebojope.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jebojope.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: setup_7.0.0.180_19.04.2008_13-41 - Kaspersky Lab - C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_19.04.2008_13-41.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--

End of file - 13550 bytes

"

Merci de votre aide.

pear · le 30 mars 2009

Bonsoir,

# vous devez désactiver la protection en temps réel, de votre antivirus qui détecte certains composants de ce logiciel comme néfastes.

* Pour cela, faites un clic droit sur l'icône en bas à droite à côté de l'horloge.

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

Télécharger SDFix par AndyManchesta

et le sauvegarder sur le Bureau.

Double cliquer sur SDFix.exe et choisir Install pour l'extraire

SDFix s'installe à la racine de la partition système (par défaut, Généralement C:). .

Redémarrer en mode sans échec

* Ouvrir le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clic sur RunThis.bat pour lancer le script.

* Appuyer sur Y pour commencer le processus de nettoyage.

* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis demandera d'appuyer sur une touche pour redémarrer.

Si Sdfix ne se lance pas

1)Démarrer->Exécuter

Copiez/collez :

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

cliquez ok, et validez.

Redémarrez et essayez de nouveau de lancer Sdfix.

2)Si vous avez le message Cette commande a été désactivée par votre Administrateur

Appuyez sur une touche pour continuer:

Démarrer->Exécuter

Copiez/Collez

%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg

Validez

Relancez Sdfix

* Le redémarrage sera plus lent qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

* Appuyer sur une touche pour finir l'exécution du script et charger les icônes du Bureau.

* Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt

* Postez le rapport ici.

Téléchargez Malwarebytes' Anti-Malware (MBAM)

[branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

* Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.

Enregistrez le sur le bureau .

Fermer toutes les fenêtres et programmes

Suivez les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet)

N'apportez aucune modification aux réglages par défaut et, en fin d'installation,

Vérifiez que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées

MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse.

cliquer sur OK pour fermer la boîte de dialogue..

Si la mise à jour automatique échouait pour une raison quelconque,par exemple une installation de Mbam sur clé usb,

Téléchargez la mise à jour ici

double-cliquer sur le fichier mbam-rules.exe pour installer la mise à jour

* Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:

Si le pare-feu demande l'autorisation à MBAM de se connecter, acceptez.

* Une fois la mise à jour terminée, allez dans l'onglet Recherche.

* Sélectionnez "Exécuter un examen complet"

* Cliquez sur "Rechercher"

* .L' analyse prendra un certain temps, soyez patient !

* A la fin , un message affichera :

L'examen s'est terminé normalement.

*Si MBAM n'a rien trouvé, il le dira aussi.

Cliquez sur "Ok" pour poursuivre.

*Fermez les navigateurs.

Cliquez sur Afficher les résultats .

*Sélectionnez tout et cliquez sur Supprimer la sélection ,

MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.

* Copiez-collez ce rapport dans la prochaine réponse.

Modifié le 30 mars 2009 par pear

Pierre2.0 · le 1 avril 2009

Bonjour et merci pour cette procédure claire.

Tout s'est passé selon le schéma indiqué, et voici les rapports :

SDFIX

SDFix: Version 1.240

Run by Administrateur on 01/04/2009 at 16:13

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-01 16:43:47

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:9fab8b41

"s2"=dword:0b0b8170

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:8f,1a,69,92,fb,27,1e,ab,32,7b,99,e1,ee,fd,78,05,02,c6,b9,52,d7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:8f,1a,69,92,fb,27,1e,ab,32,7b,99,e1,ee,fd,78,05,02,c6,b9,52,d7,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"="C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II"

"C:\\Program Files\\Macromedia\\Dreamweaver 2\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 2\\Dreamweaver.exe:*:Enabled:Dreamweaver"

"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-frFR-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-frFR-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program Files\\Infogrames\\Civilization III\\Conquests\\Civ3Conquests.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Conquests\\Civ3Conquests.exe:*:Enabled:Civ3Conquests"

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"

"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"

"C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\IS\\bin\\appletviewer.exe"="C:\\IS\\bin\\appletviewer.exe:*:Enabled:appletviewer"

"C:\\Program Files\\Cossacks\\dmcr.exe"="C:\\Program Files\\Cossacks\\dmcr.exe:*:Disabled:dmcr"

"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"

"C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"="C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"

"C:\\Program Files\\NAMCO BANDAI Games\\Warhammer® Mark of Chaos\\Warhammer.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Warhammer® Mark of Chaos\\Warhammer.exe:*:Disabled:Warhammer®: Mark of Chaos™"

"C:\\Program Files\\Wings of War DEMO\\WOWdemo.exe"="C:\\Program Files\\Wings of War DEMO\\WOWdemo.exe:*:Enabled:WOWdemo"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\Railroad Tycoon 3\\RT3.exe"="C:\\Program Files\\Railroad Tycoon 3\\RT3.exe:*:Disabled:Railroad Tycoon 3"

"C:\\Program Files\\Metin2_France\\metin2.bin"="C:\\Program Files\\Metin2_France\\metin2.bin:*:Enabled:metin2"

"C:\\Documents and Settings\\Pieter\\Bureau\\DYLAN DOCS\\metihn2\\metin2.bin"="C:\\Documents and Settings\\Pieter\\Bureau\\DYLAN DOCS\\metihn2\\metin2.bin:*:Enabled:metin2"

"C:\\Documents and Settings\\Pieter\\Bureau\\DYLAN DOCS\\Jeux\\Rôle\\metihn2\\metin2.bin"="C:\\Documents and Settings\\Pieter\\Bureau\\DYLAN DOCS\\Jeux\\Rôle\\metihn2\\metin2.bin:*:Enabled:metin2"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"

"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"

"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"

"C:\\Documents and Settings\\Pieter\\Bureau\\40000\\Warahmer40000.exe"="C:\\Documents and Settings\\Pieter\\Bureau\\40000\\Warahmer40000.exe:*:Enabled:Warahmer40000"

"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Enabled:Zapu Control"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

Remaining Files :

Files with Hidden Attributes :

Wed 10 Nov 2004 215 A.SHR --- "C:\BOOT.BAK"

Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

--- 61,440 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc1.exe"

Sat 21 Feb 2009 2,724 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc10.dll"

--- 72,192 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc100.dll"

--- 73,216 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc101.dll"

--- 109,056 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc102.dll"

--- 99,328 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc103.dll"

--- 99,328 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc104.dll"

--- 101,888 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc105.dll"

Sun 28 Sep 2008 63,488 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc106.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc107.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc108.dll"

--- 108,544 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc109.dll"

--- 64,512 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc11.dll"

--- 68,096 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc110.dll"

--- 61,440 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc111.dll"

--- 86,016 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc112.dll"

--- 62,976 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc113.dll"

--- 102,912 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc114.dll"

--- 102,912 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc115.dll"

--- 72,192 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc116.dll"

--- 109,056 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc117.dll"

--- 97,792 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc118.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc119.dll"

Sat 14 Feb 2009 2,724 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc12.dll"

--- 99,840 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc120.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc121.dll"

--- 84,992 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc122.dll"

--- 102,912 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc123.dll"

--- 72,192 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc124.dll"

Mon 29 Sep 2008 87,040 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc125.dll"

--- 91,648 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc126.dll"

--- 107,520 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc127.dll"

--- 64,512 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc13.dll"

--- 65,024 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc14.dll"

--- 68,096 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc15.dll"

--- 109,056 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc16.dll"

--- 107,520 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc17.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc18.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc2.dll"

--- 107,520 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc20.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc22.dll"

Fri 26 Dec 2008 2,724 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc23.dll"

--- 104,448 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc24.dll"

--- 98,816 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc25.dll"

--- 108,032 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc26.dll"

--- 65,024 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc27.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc28.dll"

--- 108,544 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc29.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc3.dll"

--- 72,192 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc30.dll"

--- 109,568 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc31.dll"

--- 72,704 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc32.dll"

--- 110,080 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc33.dll"

--- 72,192 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc34.dll"

--- 73,216 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc35.dll"

--- 102,400 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc36.dll"

--- 100,352 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc37.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc38.dll"

Tue 23 Sep 2008 62,464 A..H. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc39.dll"

Thu 26 Mar 2009 140,800 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc4.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc40.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc41.dll"

--- 73,728 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc42.dll"

--- 72,192 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc43.dll"

--- 72,704 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc44.dll"

--- 109,056 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc46.dll"

--- 100,352 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc47.dll"

--- 97,280 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc48.dll"

--- 101,376 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc49.dll"

--- 74,240 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc5.dll"

Wed 18 Feb 2009 2,724 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc50.dll"

Fri 6 Feb 2009 2,724 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc51.dll"

--- 140,800 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc52.dll"

--- 86,016 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc53.dll"

--- 74,240 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc54.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc55.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc56.dll"

Mon 29 Sep 2008 61,440 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc57.dll"

--- 109,056 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc58.dll"

--- 73,728 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc59.dll"

--- 109,568 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc6.dll"

--- 90,624 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc60.dll"

Tue 30 Sep 2008 96,256 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc61.dll"

--- 24,418 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc62.dll"

--- 100,352 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc63.dll"

--- 67,072 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc64.dll"

--- 109,056 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc65.dll"

--- 64,000 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc66.dll"

--- 97,280 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc67.dll"

--- 74,240 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc68.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc69.dll"

--- 110,080 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc7.dll"

--- 72,704 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc70.dll"

--- 109,568 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc71.dll"

--- 108,544 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc72.dll"

--- 109,568 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc73.dll"

Tue 17 Feb 2009 2,724 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc74.dll"

Tue 17 Feb 2009 2,724 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc75.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc76.dll"

--- 107,520 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc77.dll"

--- 86,528 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc78.dll"

--- 73,728 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc79.dll"

--- 74,240 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc8.dll"

--- 90,624 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc80.dll"

--- 64,000 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc81.dll"

--- 73,728 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc82.dll"

--- 63,488 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc83.dll"

--- 101,888 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc84.dll"

--- 109,568 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc85.dll"

--- 101,888 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc86.dll"

--- 109,568 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc87.dll"

--- 108,032 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc88.dll"

--- 109,568 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc89.dll"

Thu 26 Mar 2009 69,191 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc9.dll"

--- 63,488 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc90.dll"

--- 73,728 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc91.dll"

--- 95,232 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc92.dll"

Sat 3 Jan 2009 2,724 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc93.dll"

--- 131,584 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc94.dll"

Tue 24 Feb 2009 2,724 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc95.dll"

--- 109,568 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc96.dll"

--- 90,624 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc97.dll"

--- 65,024 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc98.dll"

--- 86,016 A.SH. --- "C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc99.dll"

--- 104,960 A.SH. --- "C:\WINDOWS\system32\buyetuza.dll"

Mon 30 Mar 2009 99,840 A..H. --- "C:\WINDOWS\system32\hahohetu.dll"

Mon 30 Mar 2009 104,448 A..H. --- "C:\WINDOWS\system32\jebojope.dll"

Sat 28 Mar 2009 61,440 A.SH. --- "C:\WINDOWS\system32\jorujedi.exe"

Thu 26 Mar 2009 140,800 A.SH. --- "C:\WINDOWS\system32\otwmse.dll"

--- 99,840 A.SH. --- "C:\WINDOWS\system32\ratijipe.dll"

Sat 31 Jan 2009 2,724 A.SH. --- "C:\WINDOWS\system32\rifubuko.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\rigitaza.dll"

--- 108,032 A.SH. --- "C:\WINDOWS\system32\rilonake.dll"

--- 108,032 A.SH. --- "C:\WINDOWS\system32\riyakuge.dll"

--- 109,056 A.SH. --- "C:\WINDOWS\system32\rizepato.dll"

--- 99,328 A.SH. --- "C:\WINDOWS\system32\rodudaya.dll"

--- 109,056 A.SH. --- "C:\WINDOWS\system32\romabotu.dll"

--- 61,440 A.SH. --- "C:\WINDOWS\system32\romekaye.exe"

--- 63,488 A.SH. --- "C:\WINDOWS\system32\romopifo.dll"

--- 109,568 A.SH. --- "C:\WINDOWS\system32\roweyubo.dll"

Sun 29 Mar 2009 100,352 A.SH. --- "C:\WINDOWS\system32\ruginefo.dll"

--- 73,728 A.SH. --- "C:\WINDOWS\system32\rujamika.dll"

--- 72,192 A.SH. --- "C:\WINDOWS\system32\rutesawo.dll"

--- 74,240 A.SH. --- "C:\WINDOWS\system32\sagimame.dll"

--- 61,440 A.SH. --- "C:\WINDOWS\system32\segorado.dll"

--- 93,184 A.SH. --- "C:\WINDOWS\system32\sejutedi.dll"

Tue 24 Feb 2009 2,724 A.SH. --- "C:\WINDOWS\system32\sesomowo.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\setulame.dll"

--- 87,552 A.SH. --- "C:\WINDOWS\system32\seyomaju.dll"

Sun 29 Mar 2009 61,440 A.SH. --- "C:\WINDOWS\system32\siliyada.exe"

Fri 26 Sep 2008 62,976 A.SH. --- "C:\WINDOWS\system32\sofigeda.dll"

--- 69,120 A.SH. --- "C:\WINDOWS\system32\sohovaha.dll"

Sun 29 Mar 2009 104,448 A.SH. --- "C:\WINDOWS\system32\sonumiwo.dll"

--- 71,168 A.SH. --- "C:\WINDOWS\system32\sosazeri.dll"

Fri 26 Sep 2008 87,040 A.SH. --- "C:\WINDOWS\system32\sudinasu.dll"

--- 110,080 A.SH. --- "C:\WINDOWS\system32\sufazibu.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\supilime.dll"

--- 100,352 A.SH. --- "C:\WINDOWS\system32\suzirowa.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\tehayela.dll"

Wed 11 Feb 2009 2,724 A.SH. --- "C:\WINDOWS\system32\temekatu.dll"

Sat 27 Sep 2008 63,488 A.SH. --- "C:\WINDOWS\system32\tezepugi.dll"

--- 109,056 A.SH. --- "C:\WINDOWS\system32\tifukako.dll"

--- 93,184 A.SH. --- "C:\WINDOWS\system32\tigogitu.dll"

--- 86,016 A.SH. --- "C:\WINDOWS\system32\tijevufi.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\timijapu.dll"

--- 100,352 A.SH. --- "C:\WINDOWS\system32\tivivapi.dll"

--- 110,080 A.SH. --- "C:\WINDOWS\system32\torayiya.dll"

Tue 23 Sep 2008 62,464 A.SH. --- "C:\WINDOWS\system32\toturobe.dll"

--- 65,024 A.SH. --- "C:\WINDOWS\system32\tubivabo.dll"

--- 99,328 A.SH. --- "C:\WINDOWS\system32\tusavila.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\vakumene.dll"

--- 108,032 A.SH. --- "C:\WINDOWS\system32\vamegeye.dll"

--- 74,240 A.SH. --- "C:\WINDOWS\system32\visoziyo.dll"

--- 73,216 A.SH. --- "C:\WINDOWS\system32\viveveno.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\viyiyini.dll"

--- 73,728 A.SH. --- "C:\WINDOWS\system32\volizita.dll"

--- 73,216 A.SH. --- "C:\WINDOWS\system32\volorume.dll"

--- 64,512 A.SH. --- "C:\WINDOWS\system32\vubuvuha.dll"

--- 73,216 A.SH. --- "C:\WINDOWS\system32\vunogenu.dll"

--- 110,080 A.SH. --- "C:\WINDOWS\system32\vupeteho.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\vusiwumi.dll"

--- 73,728 A.SH. --- "C:\WINDOWS\system32\wahoneza.dll"

--- 107,008 A.SH. --- "C:\WINDOWS\system32\wapozevo.dll"

--- 98,816 A.SH. --- "C:\WINDOWS\system32\warejugo.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\wayolelu.dll"

--- 67,072 A.SH. --- "C:\WINDOWS\system32\wehokigo.dll"

--- 86,016 A.SH. --- "C:\WINDOWS\system32\weholapa.dll"

--- 73,728 A.SH. --- "C:\WINDOWS\system32\werihova.dll"

Thu 25 Sep 2008 99,328 A.SH. --- "C:\WINDOWS\system32\werolime.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\wivawira.dll"

--- 64,512 A.SH. --- "C:\WINDOWS\system32\wivuvala.dll"

--- 108,544 A.SH. --- "C:\WINDOWS\system32\wobarale.dll"

--- 99,328 A.SH. --- "C:\WINDOWS\system32\wopebulu.dll"

--- 99,840 A.SH. --- "C:\WINDOWS\system32\wotologa.dll"

--- 65,024 A.SH. --- "C:\WINDOWS\system32\wowafuha.dll"

--- 65,024 A.SH. --- "C:\WINDOWS\system32\woyohipo.dll"

--- 109,568 A.SH. --- "C:\WINDOWS\system32\wudiyopi.dll"

Thu 28 Feb 2008 9 A..H. --- "C:\WINDOWS\system32\wxmmin.dll"

--- 108,544 A.SH. --- "C:\WINDOWS\system32\yadebene.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\yapafeju.dll"

--- 71,168 A.SH. --- "C:\WINDOWS\system32\yazelado.dll"

--- 100,864 A.SH. --- "C:\WINDOWS\system32\yebineza.dll"

Tue 30 Sep 2008 62,464 A.SH. --- "C:\WINDOWS\system32\yeyatene.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\yivoboki.dll"

--- 100,864 A.SH. --- "C:\WINDOWS\system32\yoguyutu.dll"

--- 101,376 A.SH. --- "C:\WINDOWS\system32\yubihimo.dll"

--- 103,936 A.SH. --- "C:\WINDOWS\system32\yunohoyo.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\yurezasa.dll"

--- 71,168 A.SH. --- "C:\WINDOWS\system32\zabipevi.dll"

--- 72,192 A.SH. --- "C:\WINDOWS\system32\zakupuju.dll"

--- 74,240 A.SH. --- "C:\WINDOWS\system32\zebelivu.dll"

--- 108,032 A.SH. --- "C:\WINDOWS\system32\zegofadu.dll"

--- 68,096 A.SH. --- "C:\WINDOWS\system32\zelorogi.dll"

Sun 28 Dec 2008 2,724 A.SH. --- "C:\WINDOWS\system32\zemupalu.dll"

--- 108,544 A.SH. --- "C:\WINDOWS\system32\zibuyubo.dll"

--- 64,000 A.SH. --- "C:\WINDOWS\system32\zihaleha.dll"

--- 95,232 A.SH. --- "C:\WINDOWS\system32\ziwotuha.dll"

Wed 24 Sep 2008 97,792 A.SH. --- "C:\WINDOWS\system32\zobirawa.dll"

--- 87,552 A.SH. --- "C:\WINDOWS\system32\zodofigu.dll"

--- 63,488 A.SH. --- "C:\WINDOWS\system32\zodogupe.dll"

--- 105,984 A.SH. --- "C:\WINDOWS\system32\zofosude.dll"

--- 109,056 A.SH. --- "C:\WINDOWS\system32\zudeyuwi.dll"

--- 86,016 A.SH. --- "C:\WINDOWS\system32\zulagovi.dll"

Sat 19 Feb 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Fri 4 Apr 2008 211 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiC.tmp"

Thu 27 Nov 2003 3,239,936 A..HR --- "C:\Program Files\JoWooD\SpellForce\ar.exe"

Sun 15 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Sat 12 Aug 2006 32,768 ...H. --- "C:\Documents and Settings\Pieter\Application Data\Microsoft\Word\~WRL0103.tmp"

Sat 12 Aug 2006 26,112 ...H. --- "C:\Documents and Settings\Pieter\Application Data\Microsoft\Word\~WRL0600.tmp"

Sat 12 Aug 2006 32,256 ...H. --- "C:\Documents and Settings\Pieter\Application Data\Microsoft\Word\~WRL1001.tmp"

Sat 12 Aug 2006 29,696 ...H. --- "C:\Documents and Settings\Pieter\Application Data\Microsoft\Word\~WRL1928.tmp"

Sat 12 Aug 2006 23,040 ...H. --- "C:\Documents and Settings\Pieter\Application Data\Microsoft\Word\~WRL3063.tmp"

Sat 12 Aug 2006 23,040 ...H. --- "C:\Documents and Settings\Pieter\Application Data\Microsoft\Word\~WRL3297.tmp"

Sat 12 Aug 2006 28,672 ...H. --- "C:\Documents and Settings\Pieter\Application Data\Microsoft\Word\~WRL3398.tmp"

Sat 31 Jan 2009 38,912 A..H. --- "C:\Documents and Settings\Pieter\Bureau\dyl\Coop nature Dylan\~WRL2227.tmp"

Sat 31 Jan 2009 69,632 A..H. --- "C:\Documents and Settings\Pieter\Bureau\dyl\Coop nature Dylan\~WRL3706.tmp"

Fri 12 Mar 2004 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"

Sun 23 Jul 2006 32,256 A..H. --- "C:\Documents and Settings\Pieter\Mes documents\Enfants du Lude\Dossiers par jeu\Pochtron\~WRL2567.tmp"

Sat 12 Aug 2006 20,480 A..H. --- "C:\Documents and Settings\Pieter\Mes documents\Enfants du Lude\Dossiers par jeu\Pochtron\~WRL3183.tmp"

Tue 9 Nov 2004 19,456 A..H. --- "C:\Documents and Settings\Pieter\Mes documents\Viala\Viala 2004-5\z administration\~WRL0001.tmp"

Fri 19 Nov 2004 19,456 A..H. --- "C:\Documents and Settings\Pieter\Mes documents\Viala\Viala 2004-5\z administration\~WRL0005.tmp"

Sun 30 Sep 2001 26,624 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Id‚al\~WRL0003.tmp"

Sun 11 Nov 2001 30,208 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Id‚al\~WRL1598.tmp"

Sun 4 Nov 2001 26,112 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Id‚al\~WRL1601.tmp"

Sun 4 Nov 2001 27,648 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Id‚al\~WRL2744.tmp"

Sun 2 Dec 2001 19,456 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Jeux et textes con‡us\~WRL0001.tmp"

Wed 5 Dec 2001 20,992 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Jeux et textes con‡us\~WRL0002.tmp"

Sun 11 Nov 2001 72,192 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL0004.tmp"

Sun 11 Nov 2001 70,144 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL1318.tmp"

Sun 11 Nov 2001 65,024 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL1337.tmp"

Sat 3 Nov 2001 23,552 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL1603.tmp"

Sun 11 Nov 2001 69,632 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL1760.tmp"

Sun 11 Nov 2001 63,488 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL2060.tmp"

Sun 11 Nov 2001 25,088 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL2493.tmp"

Sat 3 Nov 2001 27,648 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL2909.tmp"

Sun 11 Nov 2001 66,048 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL3293.tmp"

Sun 11 Nov 2001 64,512 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL3476.tmp"

Sat 3 Nov 2001 24,576 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL3586.tmp"

Sun 11 Nov 2001 67,584 A..H. --- "C:\Documents and Settings\Pieter\Bureau\Rec ZIP\Zip 3\E 2001\Progression et Agenda\~WRL3663.tmp"

Thu 11 May 2006 27,136 A..H. --- "C:\Documents and Settings\Pieter\Mes documents\Viala\CREP\coordination ZEP - sauvegarde du 5 juillet\Cr‚dits ZEP\~WRL0002.tmp"

Wed 1 Dec 2004 27,136 A..H. --- "C:\Documents and Settings\Pieter\Mes documents\Viala\Viala 2006-7 Sauvegarde du 1er octobre 2007\Fran‡ais\Litt‚rature\enfant oc‚an\~WRL0003.tmp"

Wed 1 Dec 2004 27,136 A..H. --- "C:\Documents and Settings\Pieter\Mes documents\Viala\Viala 2005-6 sauvegarde du 5 juillet 2006\Fran‡ais\Litt‚rature\enfant oc‚an\~WRL0003.tmp"

Sun 9 Sep 2007 81,408 A..H. --- "C:\Documents and Settings\Pieter\Bureau\sauvegarde clef 092008\Viala 2007-8\G‚rer la classe\Emploi du temps\Journal de 2007-2008\per 1\~WRL0002.tmp"

Wed 1 Dec 2004 27,136 A..H. --- "C:\Documents and Settings\Pieter\Bureau\sauvegarde clef 092008\Viala 2007-8\Les matiŠres\Fran‡ais\Litt‚rature\enfant oc‚an\~WRL0003.tmp"

Finished!

MBAM

Malwarebytes' Anti-Malware 1.35

Version de la base de données: 1929

Windows 5.1.2600 Service Pack 2

01/04/2009 18:56:06

mbam-log-2009-04-01 (18-56-06).txt

Type de recherche: Examen complet (C:\|F:\|)

Eléments examinés: 208958

Temps écoulé: 53 minute(s), 39 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 2

Clé(s) du Registre infectée(s): 12

Valeur(s) du Registre infectée(s): 5

Elément(s) de données du Registre infecté(s): 4

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 112

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\hahohetu.dll (Trojan.Vundo.H) -> Delete on reboot.

c:\WINDOWS\system32\jebojope.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a4bbafb-e635-4938-97ab-161d5cfdab44} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{4a4bbafb-e635-4938-97ab-161d5cfdab44} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bdca25aa-8a06-457e-8fc2-a08882a2f2de} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bdca25aa-8a06-457e-8fc2-a08882a2f2de} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\88ad7e37 (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm8b9e4dab (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sihakorayo (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jebojope.dll -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jebojope.dll -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

C:\WINDOWS\system32\otwmse.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hahohetu.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\utehohah.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zilabivi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ivibaliz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\jebojope.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\Program Files\Trend Micro\HijackThis\backups\backup-20090304-160608-874.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\Trend Micro\HijackThis\backups\backup-20090329-220823-415.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\Trend Micro\HijackThis\backups\backup-20090330-190944-781.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\Trend Micro\HijackThis\backups\backup-20090330-214531-113.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc101.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc104.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc107.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc108.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc109.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc11.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc111.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc28.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc29.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc3.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc30.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc31.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc32.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc33.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc34.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc35.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc38.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc39.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc4.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc40.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc41.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc42.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc44.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc46.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc49.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc5.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc54.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc55.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc56.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc57.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc59.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc6.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc60.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc61.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc62.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc64.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc65.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc68.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc69.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc7.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc70.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc71.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc72.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc73.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc76.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc77.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc78.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc79.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc8.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc80.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc82.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc85.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc87.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc88.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc89.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc9.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc91.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc92.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc94.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc96.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc97.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc99.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc117.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc120.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc122.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc123.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc125.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc13.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc16.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc17.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc18.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc2.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc20.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc22.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc24.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc26.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1563615619-1420707191-2283616952-1008\Dc116.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pieter\Local Settings\Temporary Internet Files\Content.IE5\IGLEWYYY\d[1].htm (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\instsp2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\romabotu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wobarale.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zebelivu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tehayela.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sudinasu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\supilime.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\seyomaju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\godobovo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\riyakuge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\volorume.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zegofadu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\werihova.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\timijapu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yapafeju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yurezasa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zodofigu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\torayiya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

A noter que MBAM n'a pu supprimer 5 fichiers apparement et m'a demandé de rebooter pour les supprimer, ce qui a eu l'air de marcher, mais je suis novice...

pear · le 1 avril 2009

Bonsoir,

Scan en ligne

NOTE: Le scan en ligne sera à faire avec Internet Explorer.

Désactiver l'antivirus actuel

Kaspersky

Sous Vista,il faut désactiver l'UAC, et cliquer droit sur Internet Explorer / Exécuter en tant qu'administrateur et coller l'URL de Kaspersky

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Vider la corbeille.

* Cliquer sur Accept

* Une barre jaune va demander d'accepter l'installation de Kavwebscan_Unicode.cab, installer l'Active X.

* cliquer une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patienter un moment

* Cliquer sur Next.

* Cliquer sur My Computer, le scan se met en route;

attendre la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

A la fin du scan, si des objets infectés sont découverts, cliquer sur Save report as... Choisirr bureau et nommer le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisir "fichiers texte" enregistrer le rapport.

Copier/coller l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

Coller ce rapport dans la réponse sur le forum.

Aide en cas de problème

Cybersécurité

Et nouvel hijackthis svp.

Modifié le 1 avril 2009 par pear

Pierre2.0 · le 2 avril 2009

Bonsoir,

je n'ai pas pu le faire car le bouton "accept" est grisé et ne fonctionne pas. Que faire?

pear · le 2 avril 2009

Ok.

Antivir est maintenant eb version9 Anglaise. Le Français est prévu fin Avril

Télécharger Avira AntiVir Personal Edition en Anglais

Télécharger Avira AntiVir Personal Edition en Français

NB : le choix d'Antivir comme antivirus à utiliser dans le cadre de cette procédure, a reposé sur les critères suivants :

--- failles de votre antivirus qui a laissé passer des malwares

--- En mode sans échec ,seuls les processus systèmes sont lancés.Il est donc plus facile de supprimer les infections

--- Antivir peut-être installé et désinstallé facilement

--- Antivir est reconnu pour son efficacité en mode sans échec

....AntiVir ne laisse pas entrer Bagle, sauf si l'utilisateur lui force la main pour récupérer un crack

Paramètres conseillés

Clic droit sur le parapluie---------------------->Configure-Configurer

Cliquer Expert mode----------------------------->Scan-Recherche:

Cocher: ----------------------------------------------->All files -Tous les Fichiers

Additionnal Settings-Autres réglages:--->tout cocher

Clic sur Scan+ -Recherche+

Action for concerning files -Action en cas de résultat positif:

Cocher-------------------------------------------------->Copie file to quarantine before action-Copier le fichier dans la quarantaine avant l'action:

Primary action-Action principale............>: Repair :Réparer ( au cas ou ce serait un fichier système corrompu)

Secondary action.-Action secondaire...>.: Delete-Supprimer ( s'il y a détection, autant supprimer. une sauvegarde sera dans la quarantaine)

Désactivez votre antivirus actuel

Redémarrez en mode sans échec.

Lancez le scan

Postez le rapport

Pierre2.0 · le 5 avril 2009

bon bon bon...

La page ne se charge pas. Désolé pour tous ces dérangements. En attendant, voici le rapport hjt :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:10:07, on 05/04/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_19.04.2008_13-41.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Apps\Powercinema\PCMService.exe

C:\Program Files\Keyboard Driver\Keyboard Driver\ikeymain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Apps\EZHome\EZStatus.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Documents and Settings\Pieter\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

C:\Documents and Settings\Pieter\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSCNo.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe