Virus virtumonde, pc ralentit :(

[jcarine]

Et bien voilà, moi aussi je viens vous demander de l'aide!

Nous venons d'enménager et depuis notre nouvelle connexion, très très dur d'aller sur le PC!

Là je suis en MODE SANS ECHEC (je peux me connecter ouf ) donc ce qui me permets de vous écrire, sinon, j'en ai pour 1 heure!

J'ai scanné mon pc grâce à NOD32 (antivirus que j'ai téléchargé il y a 2 jours environ) et il me dit que j'ai le troyen virtumonde, dans le fichier vtsrr.dll, mais impossible d'effacer ce fichier!

 

Bon bref, après lu pas mal de vos discu, j'ai téléchargé hijackthis, et voici le rapport:

 

Logfile of HijackThis v1.99.1

Scan saved at 13:05:56, on 23/07/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\wt\updater\wcmdmgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\cleanmgr.exe

C:\Documents and Settings\jj\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)

O3 - Toolbar: ÌìÏÂËÑË÷ - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINDOWS\Downloaded Program Files\iesmall24.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe

O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe

O4 - HKLM\..\Run: [svqjyx] C:\WINDOWS\svqjyx.exe

O4 - HKLM\..\Run: [l3mpgnaa] C:\WINDOWS\System32\l3mpgnaa.exe

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Browser PS2 mouse\mouse32a.exe

O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\1.3\MMKEYBD.EXE

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\gedewm.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [defender] C:\\dfndrac_6.exe

O4 - HKLM\..\Run: [keyboard] C:\\kybrddd_6.exe

O4 - HKLM\..\Run: [newname] C:\\nwnmdd_6.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\PROGRA~1\COPERN~1\COPERN~1.EXE" /tray

O4 - HKCU\..\Run: [spywareKilla] "d:\SpywareKilla.exe" /s

O4 - HKCU\..\Run: [stratas] xmconfig.exe

O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "G:\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [PcSync] G:\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: BitTorrent.lnk = G:\bittorrent.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZS

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.popuppers.com

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O15 - Trusted Zone: http://click.getmirar.com (HKLM)

O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (ÌìÏÂËÑË÷) - http://iebar.t2t2.com/iebar.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125047201679

O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www3.photoweb.fr/telechargement/Photoweb_uploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125047150094

O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presentation/p...ivex/Ephoto.cab

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://click.mirarsearch.com/FIX/WinATS.cab

O16 - DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} (OBInstallRunner Control) - http://www.opinionbar.com/download/resourc...tallCabinet.CAB

O16 - DPF: {B3231E01-D1EA-4BF1-B872-CF21619704F3} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/144000s/...ANEL_EUROPE.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.girafoto.fr/XUpload.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\temp\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - G:\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - G:\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

 

merci de m'aider, je dois accocuher dans 2 semaines max, et j'aurai aimé faire mes faires parts avant....

A bientôt

[Malekal_morte]

Bonjour,

 

Voici la manipulation à effectuer en entier

Si certains éléments ne sont pas trouvés, merci de le signaler mais de poursuivre les manipulations jusqu'au bout.

 

Dans ajout/suppression de programmes, désinstalle si présent :

MyWebSearch

SurfAccuracy

 

Sur HijackThis, refais un scan et coches les lignes suivantes :

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

O3 - Toolbar: ÌìÏÂËÑË÷ - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINDOWS\Downloaded Program Files\iesmall24.dll

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe

O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe

O4 - HKLM\..\Run: [svqjyx] C:\WINDOWS\svqjyx.exe

O4 - HKLM\..\Run: [l3mpgnaa] C:\WINDOWS\System32\l3mpgnaa.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\gedewm.exe

O4 - HKLM\..\Run: [defender] C:\\dfndrac_6.exe

O4 - HKLM\..\Run: [keyboard] C:\\kybrddd_6.exe

O4 - HKLM\..\Run: [newname] C:\\nwnmdd_6.exe

O4 - HKLM\..\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKCU\..\Run: [spywareKilla] "d:\SpywareKilla.exe" /s

O4 - HKCU\..\Run: [stratas] xmconfig.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.popuppers.com

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O15 - Trusted Zone: http://click.getmirar.com (HKLM)

O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missin

 

---> puis clic sur le bouton "Fix Checked"

n'hésite pas à consulter l'aide HijackThis

 

- Télécharge et installe ewido

- Mets le à jour à partir du menu update en haut, n'hésite pas à consulter l'Aide ewido pour tout problème.

- Télécharge clean.zip, décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

 

-- Redémarre en mode en mode sans échec, si tu sais pas comment on fait lis ceci

-- Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laisse la ouverte.

 

Ouvre le poste de travail et navigue dans tes dossiers pour supprimer :

c:\program files\180searchassistant\

c:\program files\MYWEBSearch

C:\Program Files\SurfAccuracy\

 

- Ouvre ewido et clic sur l'onglet Scanner en haut

- Démarre ewido et clique "Complete System Scan"

** Si un fichier est infecté, choisis l'option " Apply All Actions " en fin d'analyse **

Clique sur " Save Report " puis sur " Save Report As "

Enregistre ce fichier texte sur ton bureau.

N'hésite pas à consulter l'Aide ewido pour tout problème.

 

 

-- Redémarre en mode normal : Menu Démarrer / Arreter / Redémarre l'ordinateur

Attention : dans le cas où l'ordinateur redémarre en boucle en mode sans échec, faire la manipulation inverse en décochant l'option /SAFEBOOT à l'aide de msconfig : voir à nouveau cette page : cliquez-ici

 

- Télécharge Vundoxfix - mirror si le lien ne fonctionne pas : http://www.softpedia.com/get/Antivirus/VundoFix.shtml

- Double-clique VundoFix.exe afin de le lancer.

- Coche Run VundoFix as a task.

- Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok

- Clique sur le bouton Scan for Vundo.

- Lorsque le scan est complété, clique sur le bouton Remove Vundo.

- Une invite te demandera si tu veux supprimer les fichiers, clique YES

- Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.

- Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK

- Démarre ton PC à nouveau.

 

-- Fais un scan en ligne avec Internet Explorer : Scan Kaspersky et colle le rapport ici. Si tu es perdu, tu peux suivre cette aide pour les scans en ligne

-- Copie/Colle ici les rapports :

- le contenu du rapport situé dans C:\vundofix.txt

- ewido

- le rapport clean : Poste de travail / double clic sur disque C / double-clic sur rapport_clean.txt et copier/coller le contenu ici C:\rapport_clean.txt

- ainsi qu'un nouveau log HijackThis

Modifié le 23 juillet 2006 par Malekal_morte

[jcarine]

Quelle rapidité! Merci . En ce moment, je scanne avec Ewido (j'en suis au 1/4) et il m'a déjà trouvé 56 fichiers infectés :S

 

Pour l'instant, je n'ai pas pu désinstaller MyWebSearch car le fichier est introuvable (je crois que j'avais dû l'effacer un jour, sans passer par "configuration/désinstallation")

 

Je n'ai pas, non plus, ces 2 fichiers:

C:\Documents and Settings\Jonathan\Mes documents\??pPatch\

C:\WINDOWS\YMANTE~1\

 

 

Mais à part ça, tout roule pour le moment

Modifié le 23 juillet 2006 par jcarine

[Malekal_morte]

C'est une erreur les dossier que je t'ai mis, j'ai corrigé.

 

Par contre, si tu es là c'est que tu as internet et tu fais le scan ewido ?

T'es en mode sans échec avec prise en charge du réseau ou t'es en mode normal ?

Parceque le scan vaut mieux le faire en mode sans échec...

[jcarine]

Oups, désolée, j'ai quitté mon pc le temps du scan qui a duré duré....

 

Oui, je suis en mode sans echec avec prise reseau

 

Je m'occupe du reste, c partit...

[jcarine]

Donc, voici le rapport d'ewido

 

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 19:03:25 23/07/2006

 

+ Scan result:

 

 

 

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KRJ6JUR8\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll -> Adware.Iebar : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\iebar22.0.dll -> Adware.Iebar : Cleaned with backup (quarantined).

C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

C:\Program Files\Internet Optimizer\update -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKU\S-1-5-21-436374069-1677128483-854245398-1003\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag -> Adware.ISTBar : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag.1 -> Adware.ISTBar : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CLSID -> Adware.ISTBar : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CurVer -> Adware.ISTBar : Cleaned with backup (quarantined).

HKLM\SOFTWARE\ISTsvc -> Adware.ISTBar : Cleaned with backup (quarantined).

HKLM\SOFTWARE\ISTsvc\history -> Adware.ISTBar : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Adware.ISTBar : Cleaned with backup (quarantined).

HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Error during cleaning.

HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Error during cleaning.

HKLM\SOFTWARE\YourSiteBar\Historysearch -> Adware.ISTBar : Error during cleaning.

HKU\S-1-5-21-436374069-1677128483-854245398-1003\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Adware.MediaMotor : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).

C:\Program Files\SideFind -> Adware.SideFind : Cleaned with backup (quarantined).

C:\Program Files\SideFind\sfexd001 -> Adware.SideFind : Cleaned with backup (quarantined).

C:\Program Files\SideFind\update -> Adware.SideFind : Cleaned with backup (quarantined).

C:\Documents and Settings\jj\Local Settings\Temp\uninstall.exe -> Adware.SurfAcc : Cleaned with backup (quarantined).

C:\WINDOWS\system32\awtqnkh.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\awtusrs.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\cbxustt.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\config\pnky.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\fccyyxv.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\gebcdaw.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\iifdeca.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\jkkjijj.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\opnlljk.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\opnonnk.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\opppmkh.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\tuvuvtt.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\vtsrr.V00dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\vtsrr.V01dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\vtsrr.V02dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\vtsrr.Vdll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\vtsrr.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\Program Files\Fichiers communs\WinFixer 2005\FCrXML.dll -> Adware.Winfixer : Cleaned with backup (quarantined).

C:\Program Files\Fichiers communs\WinSoftware\PCheck.dll -> Adware.Winfixer : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Adware.YourSiteBar : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Adware.YourSiteBar : Cleaned with backup (quarantined).

C:\WINDOWS\system32\medo.dl -> Backdoor.Flood : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JU2B8JR3\dfndrd_4[1].exe -> Downloader.Adload.cu : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9YIQN067\file[1].exe/drxvp.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).

C:\WINDOWS\system32\config\drxvp.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).

C:\files.exe/drxvp.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\loader[1].exe -> Downloader.Adload.de : Cleaned with backup (quarantined).

C:\Documents and Settings\jj\ysbinstall_1000489_3.exe -> Downloader.INService.ja : Cleaned with backup (quarantined).

G:\a\Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite.16Abril2004.por.Hulhio.Pootz\adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).

G:\eDonkey2000\Plugins\adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).

G:\eDonkey2000\Plugins\httpprotocol.dll -> Downloader.Small : Cleaned with backup (quarantined).

G:\eDonkey2000\edonkey-overnet.v0.53.Registration.Crack-BetaMaster.rar/adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).

G:\eDonkey2000\incoming\Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite + Donkey Look Up 0.3 + Edonkey Crawler.16Abril2004.por.Hulhio.Pootz.zip/Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite.16Abril2004.por.Hulhio.Pootz/adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).

G:\eDonkey2000\incoming\Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite + Donkey Look Up 0.3 + Edonkey Crawler.16Abril2004.por.Hulhio.Pootz\Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite.16Abril2004.por.Hulhio.Pootz\adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).

G:\eDonkey2000\incoming\edonkey.v0.53.Incl.Registration.Crack-BetaMaster.rar/edonkey-overnet.v0.53.Registration.Crack-BetaMaster.rar/adremover.dll -> Downloader.Small : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\kybrdac_6[1].exe -> Downloader.VB.ada : Cleaned with backup (quarantined).

C:\WINDOWS\system32\setup_71736.exe -> Dropper.Paradrop.a : Cleaned with backup (quarantined).

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Deutsch\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\English\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Español\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Français\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Italiano\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Nederlands\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\Photos clara morgane, irina voronina, titia\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.17\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.17\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.18\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.19\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.20\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.21\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.22\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.23\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.24\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.25\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.26\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.27\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.

C:\WINDOWS\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.e : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.17\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.18\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.19\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.20\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.21\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.22\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.23\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.24\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.25\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.26\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\Downloaded Program Files\UWFX5V_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Ignored.

C:\WINDOWS\ABox.exe -> Not-A-Virus.PornTool.Win32.ABox.a : Ignored.

C:\WINDOWS\system32\drivers\df_kmd.sys -> Rootkit.Agent.af : Cleaned with backup (quarantined).

C:\Documents and Settings\carine\Cookies\carine@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.

C:\Documents and Settings\carine\Cookies\carine@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.

C:\Documents and Settings\jj\Cookies\jj@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.

C:\Documents and Settings\carine\Cookies\carine@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\jj\Cookies\jj@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\carine\Cookies\carine@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.

C:\Documents and Settings\jj\Cookies\jj@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.

C:\Documents and Settings\carine\Cookies\carine@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\jj\Cookies\jj@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\carine\Cookies\carine@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\jj\Cookies\jj@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\carine\Cookies\carine@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\jj\Cookies\jj@estat[2].txt -> TrackingCookie.Estat : Cleaned.

C:\Documents and Settings\jj\Cookies\jj@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.

C:\Documents and Settings\carine\Cookies\carine@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\jj\Cookies\jj@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\carine\Cookies\carine@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.

C:\Documents and Settings\jj\Cookies\jj@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.

C:\Documents and Settings\jj\Cookies\jj@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.

C:\Documents and Settings\carine\Cookies\carine@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.

C:\Documents and Settings\jj\Cookies\jj@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.

C:\WINDOWS\system32\atfsvukh.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).

C:\WINDOWS\system32\eeprcdte.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).

C:\WINDOWS\system32\tdifuonh.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).

C:\WINDOWS\system32\wkqyfwwk.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).

C:\WINDOWS\system32\xyktfwcb.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).

C:\WINDOWS\system32\gt.x -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\ksat.bat -> Trojan.Small : Cleaned with backup (quarantined).

C:\Program Files\Fichiers communs\{44D22E90-0513-1036-0524-020320030021}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).

C:\WINDOWS\system32\fgrrr.exe/dlcl.edp -> Worm.Randon : Cleaned with backup (quarantined).

 

 

::Report end

[Malekal_morte]

Il manque le rapport vundofix.

[jcarine]

Il manque le rapport vundofix.

 

Il scanne encore pour le moment....(ça fait déjà 1heure!)

[Malekal_morte]

HO ok.

 

Ca me parait bien long, il est pas bloqué ?

 

Tiens j'en profite pour te poser une question (c'est mon côté curieux). C'est pas la première fois que je vois un avatar avec un chat et meow dessus.

Ca vient d'où ?

Modifié le 23 juillet 2006 par Malekal_morte

[jcarine]

HO ok.

 

Ca me parait bien long, il est pas bloqué ?

 

Tiens j'en profite pour te poser une question (c'est mon côté curieux). C'est pas la première fois que je vois un avatar avec un chat et meow dessus.

Ca vient d'où ?

 

 

L'avatar, il est proposé sur le site

 

Bon, là je viens juste de lancer Kapersky, désolée, j'ai du monde qui est venu à l'improviste

Bon, je vais me coucher, j'espère que je n'aurai pas eu trop de virus encore de détecter, j'ai relancer le pc en Mode sans echec, car en normal, il continuait à ramer, et mon anti-virus n'arrêteait pas de me dire que j'avais encore le virus sur system32\vtsrr.dll .......

 

Bonne nuit, à demain