Virus: win32:adware-gen
Solved/Closed
ramootcho (Member, 18 posts, registered Monday 14 July 2008, last activity 6 September 2008) - 14 July 2008 at 00:30
noctambule28 - 23 July 2008 at 16:37
25 replies
anthony5151 (Security contributor, 10573 posts, registered Friday 27 June 2008, last activity 2 March 2015) - 14 July 2008 at 01:38
Good evening
Fixing lines with HijackThis does not remove the infections... Often the lines come back, and even when they don't, most of the time the infection is still present.
For this kind of problem, you have to start by using SmitfraudFix:
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
- Save it to the desktop
- Double-click SmitfraudFix.exe, choose option 1, then press Enter
- A report will be generated; please post it in your next reply.
Tutorial here to help you: http://www.malekal.com//tutorial_SmitFraudfix.php
jorginho67 (Security contributor, 14716 posts, registered Tuesday 11 September 2007, last activity 11 February 2011) - 14 July 2008 at 21:53
Yes, but HijackThis will remove some of the infections. FALSE...
HJT stops the program from running; you then have to delete the exe causing the infection manually or with a specific tool.
That's why an antivirus scan (normally) allows the whole infection to be removed. FALSE
In your opinion, how do they get infected when there's an antivirus on the PC??
@+
ramootcho (Member, 18 posts, registered Monday 14 July 2008, last activity 6 September 2008) - 14 July 2008 at 00:37
here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:02, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\tmp0.exe
C:\Program Files\tmp2.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ram\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: sqvgnrpx - {88BD6C7F-49B8-4873-AF65-38706E659377} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows] C:\DOCUME~1\Ram\LOCALS~1\Temp\Setup_ver1.1400.0.exe
O4 - HKLM\..\Run: [ec5e8ca7] rundll32.exe "C:\WINDOWS\system32\fdmkqeqi.dll",b
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: fsrpknov - {86F6B7A8-86D9-478E-88EC-D8A7DC464694} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {971F28ED-5A6C-45FD-8BFB-BB4604492E52} - C:\WINDOWS\fdxbameg.dll (file missing)
O21 - SSODL: CheckRunOnce - {67449a72-4b47-41dc-8cc3-14da2bc6fd84} - C:\WINDOWS\Resources\CheckRunOnce.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
Anonymous user - 14 July 2008 at 00:58
There are a lot of dangerous ones to remove!
Here they are:
C:\Program Files\tmp0.exe
C:\Program Files\tmp2.exe
O3 - Toolbar: sqvgnrpx - {88BD6C7F-49B8-4873-AF65-38706E659377} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [Windows] C:\DOCUME~1\Ram\LOCALS~1\Temp\Setup_ver1.1400.0.exe
O4 - HKLM\..\Run: [ec5e8ca7] rundll32.exe "C:\WINDOWS\system32\fdmkqeqi.dll",b
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O21 - SSODL: fsrpknov - {86F6B7A8-86D9-478E-88EC-D8A7DC464694} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {971F28ED-5A6C-45FD-8BFB-BB4604492E52} - C:\WINDOWS\fdxbameg.dll (file missing)
Reminder: to remove them, tick them, then click Fix Checked and then Yes.
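Added example (not part of the thread and not a HijackThis feature): a small Python triage script that turns the reasoning behind the list above into rules, so the same kind of log can be screened before a human reads it. It flags pseudo-random 8-letter DLL names directly under C:\WINDOWS, autostarts launched from Temp or from the root of Program Files or Windows, entries marked (file missing), and a start page pointing at an unexpected host; the allow-lists of expected home pages and of legitimate root executables are assumptions, and the sample log is an excerpt copied from the report posted above.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample (added for this example): an excerpt of the first HijackThis log
# posted above, plus legitimate entries (smss, iTunes, Yahoo toolbar, avast!,
# CheckRunOnce) that the rules must leave alone.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\tmp0.exe
C:\Program Files\iTunes\iTunesHelper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: sqvgnrpx - {88BD6C7F-49B8-4873-AF65-38706E659377} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows] C:\DOCUME~1\Ram\LOCALS~1\Temp\Setup_ver1.1400.0.exe
O4 - HKLM\..\Run: [ec5e8ca7] rundll32.exe "C:\WINDOWS\system32\fdmkqeqi.dll",b
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O21 - SSODL: fsrpknov - {86F6B7A8-86D9-478E-88EC-D8A7DC464694} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {971F28ED-5A6C-45FD-8BFB-BB4604492E52} - C:\WINDOWS\fdxbameg.dll (file missing)
O21 - SSODL: CheckRunOnce - {67449a72-4b47-41dc-8cc3-14da2bc6fd84} - C:\WINDOWS\Resources\CheckRunOnce.dll
"""

# A drive-letter path ending in .exe/.dll; directory names may contain spaces and the
# match stops at a double quote, so rundll32 "...dll",b arguments parse correctly.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^"\\:*?<>|]+\\)*[^"\\:*?<>|]+?\.(?:exe|dll)\b', re.IGNORECASE)
# R0/R1 lines that set the browser start or search page.
HOMEPAGE_RE = re.compile(r'^R[01] - .*?(?:Start Page|Search Page|Default_Page_URL) = (\S+)')
# Eight lowercase letters: the generated-name pattern of the DLLs in the posted log.
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')

WINDOWS_DIRS = {'c:\\windows', 'c:\\windows\\system32'}
ROOT_DIRS = {'c:\\program files', 'c:\\windows'}
TEMP_MARKERS = ('\\temp\\', '\\locals~1\\')
# Assumption: executables that legitimately sit directly under C:\WINDOWS.
KNOWN_ROOT_EXES = {'explorer.exe', 'notepad.exe', 'regedit.exe'}
# Assumption: the start pages this PC's owner actually chose.
EXPECTED_HOME_HOSTS = {'www.google.fr', 'www.msn.com'}


@dataclass(frozen=True)
class Finding:
    line: str       # the log line as posted
    target: str     # the path or URL that tripped a rule
    reasons: tuple  # human-readable rule descriptions


def path_reasons(path, line):
    """Rules that a referenced file path trips; an empty list means nothing odd."""
    p = path.lower()
    parent, _, name = p.rpartition('\\')
    reasons = []
    if parent in WINDOWS_DIRS and RANDOM_DLL_RE.match(name):
        reasons.append('pseudo-random 8-letter DLL name directly in the Windows directory')
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append('autostart launched from a temporary directory')
    if parent in ROOT_DIRS and name.endswith('.exe') and name not in KNOWN_ROOT_EXES:
        reasons.append('bare executable at the root of Program Files or Windows')
    if '(file missing)' in line.lower():
        reasons.append('orphaned autostart: the referenced file is missing')
    return reasons


def triage_line(line):
    """Findings for one HijackThis line; an empty list means it looks clean."""
    findings = []
    m = HOMEPAGE_RE.match(line)
    if m:
        url = m.group(1)
        if (urlparse(url).hostname or '') not in EXPECTED_HOME_HOSTS:
            findings.append(Finding(line, url,
                                    ('start/search page redirected to an unexpected host',)))
    for path in PATH_RE.findall(line):
        reasons = path_reasons(path, line)
        if reasons:
            findings.append(Finding(line, path, tuple(reasons)))
    return findings


def triage(log_text):
    """Every finding in a whole log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


def flagged_targets(log_text):
    """The set of paths and URLs a human reviewer should look at first."""
    return {f.target for f in triage(log_text)}


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.target + '\n    -> ' + '; '.join(f.reasons))
```

The rules are deliberately narrow (a Run entry that merely has an odd name, like [antiviirus], is only caught because its target sits at the root of Program Files), so treat the output as a shortlist to verify, not a verdict.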
ramootcho (Member, 18 posts, registered Monday 14 July 2008, last activity 6 September 2008) - 14 July 2008 at 01:20
Thanks for your reply, but how do I go about doing this:
Reminder: to remove them, tick them, then click Fix Checked and then Yes.
ramootcho (Member, 18 posts, registered Monday 14 July 2008, last activity 6 September 2008) - 14 July 2008 at 01:45
I redid a HijackThis report because my PC crashed in the meantime:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:43:48, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\antiviirus.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Windows\xpupdate.exe
C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Ram\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: sqvgnrpx - {88BD6C7F-49B8-4873-AF65-38706E659377} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows] C:\DOCUME~1\Ram\LOCALS~1\Temp\Setup_ver1.1400.0.exe
O4 - HKLM\..\Run: [ec5e8ca7] rundll32.exe "C:\WINDOWS\system32\fdmkqeqi.dll",b
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: CheckRunOnce - {67449a72-4b47-41dc-8cc3-14da2bc6fd84} - C:\WINDOWS\Resources\CheckRunOnce.dll
O21 - SSODL: fsrpknov - {A8008A24-94E1-47BA-A80D-B5E9DCE9A552} - C:\WINDOWS\fsrpknov.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
ramootcho (Member, 18 posts, registered Monday 14 July 2008, last activity 6 September 2008) - 14 July 2008 at 01:59
here is the SmitfraudFix report:
SmitFraudFix v2.329
Rapport fait à 1:55:53,78, 14/07/2008
Executé à partir de C:\Documents and Settings\Ram\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\antiviirus.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Windows\xpupdate.exe
C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Ram\Bureau\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\privacy_danger PRESENT !
C:\WINDOWS\xpupdate.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ram
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ram\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ram\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\tmp???????.exe PRESENT !
C:\Program Files\antiviirus.exe PRESENT !
C:\Program Files\tmp?.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
[!] Suspicious: iefl.dll
BHO: IE.Filter - {8B2AE9C0-1555-4C92-905A-531532F15698}
TypeLib: {15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF}
Interface: {4937D5D1-2039-409A-BD83-FEC9B39B2356}
Interface: {CAF9D798-C659-4B9B-8E19-EE27C3D04EE7}
VersionIndependentProgID: BhoNew.Bho
ProgID: BhoNew.Bho.1
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
[!] Suspicious: sqvgnrpx.dll
Toolbar: sqvgnrpx - {88BD6C7F-49B8-4873-AF65-38706E659377}
TypeLib: {8D4BDEC1-4445-4B2F-9F1E-873CA0C56D1D}
Interface: {6E6224FD-1E7D-4897-8407-C9F4023A70DA}
Classe: sqvgnrpx.borm
Classe: sqvgnrpx.ToolBar.1
[!] Suspicious: fsrpknov.dll
SSODL: fsrpknov - {A8008A24-94E1-47BA-A80D-B5E9DCE9A552}
[!] Suspicious: CheckRunOnce.dll
SSODL: CheckRunOnce - {67449a72-4b47-41dc-8cc3-14da2bc6fd84}
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E905521-0A27-4436-B466-F3BDFBEC97AD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E905521-0A27-4436-B466-F3BDFBEC97AD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7E905521-0A27-4436-B466-F3BDFBEC97AD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
anthony5151 (Security Contributor) - 14 July 2008 at 02:45
OK, now we can move on to the cleanup:
1) Boot into Safe Mode. To do this, tap the F8 key repeatedly from the moment the PC starts up (before the Windows logo). A menu will appear; use the keyboard arrows to move to Safe Mode, then press Enter. Once on the desktop, if not all the colours and so on are there, that is normal!
Run SmitfraudFix again.
This time, choose option 2 and answer yes to everything;
At the end, save the report, restart in normal mode, and copy-paste the saved report to the forum.
2) Install and scan with MalwareByte's Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Download it, install it, run it, update it.
Then restart your computer in Safe Mode (restart and tap F8 before the Windows logo appears), run a full scan of your computer and remove everything that is detected.
Restart in normal mode and post the report here as well.
Feel free to read the tutorial here right away, because you will no longer have internet access in Safe Mode: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
3) Please post a new HijackThis report
ramootcho (Member) - 14 July 2008 at 12:15
Hello, thanks for your help.
Here is the SmitfraudFix report run in Safe Mode (the PC is still infected):
SmitFraudFix v2.329
Rapport fait à 11:52:37,20, 14/07/2008
Executé à partir de C:\Documents and Settings\Ram\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E905521-0A27-4436-B466-F3BDFBEC97AD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E905521-0A27-4436-B466-F3BDFBEC97AD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7E905521-0A27-4436-B466-F3BDFBEC97AD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
anthony5151 (Security Contributor) - 14 July 2008 at 12:25
Very good, please move on to the second step of message 8 (MalwareByte's, which should finish the cleanup, plus a new HijackThis report to check).
ramootcho (Member) - 14 July 2008 at 21:17
Here is the MalwareByte's report (avast found another infection at startup in normal mode):
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 948
Windows 5.1.2600 Service Pack 2
16:10:32 14/07/2008
mbam-log-7-14-2008 (16-10-32).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 80145
Temps écoulé: 3 hour(s), 4 minute(s), 44 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 59
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\rqRJBQjK.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\hgGywWom.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43f5aff0-27a6-4d41-b0cf-aca3866b4308} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{43f5aff0-27a6-4d41-b0cf-aca3866b4308} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggywwom (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Carlson (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Carlson (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ec5e8ca7 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrjbqjk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrjbqjk -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\rqRJBQjK.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\KjQBJRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KjQBJRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfvhaaxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\txaahvft.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGywWom.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Ram\win.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsc83.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsd6C.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nse6F.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nseA5.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsf7D.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsg80.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsj8A.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsp72.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsp93.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsp9F.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsr75.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nst96.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsu7A.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsu90.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nswA2.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsz8D.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsz9E.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A529C7C-2090-4243-8648-22FBFCD7EF73}\RP189\A0026915.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A529C7C-2090-4243-8648-22FBFCD7EF73}\RP189\A0027884.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A529C7C-2090-4243-8648-22FBFCD7EF73}\RP189\A0028865.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A529C7C-2090-4243-8648-22FBFCD7EF73}\RP189\A0032953.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A529C7C-2090-4243-8648-22FBFCD7EF73}\RP189\A0032969.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\espk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bYOFYqnO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbyvsk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkIBTkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlJddA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMgdEUM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rzxjqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vgnohhll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayAqqpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ypndmbhr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder.lic (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder0.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder1.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\Uninstall.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsf7D.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsg80.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsj8A.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsp72.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsp93.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsp9F.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsr75.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nst96.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsu7A.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsu90.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nswA2.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsz8D.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ram\Local Settings\Temp\nsz9E.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A529C7C-2090-4243-8648-22FBFCD7EF73}\RP189\A0026915.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A529C7C-2090-4243-8648-22FBFCD7EF73}\RP189\A0027884.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A529C7C-2090-4243-8648-22FBFCD7EF73}\RP189\A0028865.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A529C7C-2090-4243-8648-22FBFCD7EF73}\RP189\A0032953.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A529C7C-2090-4243-8648-22FBFCD7EF73}\RP189\A0032969.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\espk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bYOFYqnO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbyvsk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkIBTkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlJddA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMgdEUM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rzxjqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vgnohhll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayAqqpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ypndmbhr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder.lic (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder0.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder1.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\Uninstall.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
anthony5151 (10573 posts, registered Friday 27 June 2008, status: security contributor, last post 2 March 2015, 790) - 14 July 2008 at 21:21
Can you post a new HijackThis report please?
ramootcho (18 posts, registered Monday 14 July 2008, status: member, last post 6 September 2008) - 14 July 2008 at 21:21
And the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:05, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ram\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {8e613408-e519-a149-6894-febb68d267d1} - {1d762d86-bbef-4986-941a-915e804316e8} - C:\WINDOWS\system32\hyxfph.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86FA5B05-DA25-4376-8E05-05E6033B3BCB} - C:\WINDOWS\system32\rqRJBQjK.dll
O2 - BHO: (no name) - {F8AC36D7-F602-4B69-99B5-2A812E05779F} - C:\WINDOWS\system32\hgGywWom.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows] C:\DOCUME~1\Ram\LOCALS~1\Temp\Setup_ver1.1400.0.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: hgGywWom - C:\WINDOWS\SYSTEM32\hgGywWom.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
Anonymous user - 14 July 2008 at 21:26
There are still bad ones!
Here is the list to remove:
Unknown
O2 - BHO: {8e613408-e519-a149-6894-febb68d267d1} - {1d762d86-bbef-4986-941a-915e804316e8} - C:\WINDOWS\system32\hyxfph.dll
O2 - BHO: (no name) - {86FA5B05-DA25-4376-8E05-05E6033B3BCB} - C:\WINDOWS\system32\rqRJBQjK.dll
O2 - BHO: (no name) - {F8AC36D7-F602-4B69-99B5-2A812E05779F} - C:\WINDOWS\system32\hgGywWom.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows] C:\DOCUME~1\Ram\LOCALS~1\Temp\Setup_ver1.1400.0.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O20 - Winlogon Notify: hgGywWom - C:\WINDOWS\SYSTEM32\hgGywWom.dll
anthony5151 (10573 posts, registered Friday 27 June 2008, status: security contributor, last post 2 March 2015, 790) - 14 July 2008 at 21:37
@ Jirachi:
Avoid using the robot at http://www.hijackthis.de/fr, it sometimes gives bogus results...
And above all, stop giving everyone lists of lines to fix! HijackThis is not going to remove the infection all by itself... (reread message 5)
Anyway, there is definitely still some Vundo in this report...
@ramootcho:
The Vundo infection has not been completely removed.
Download VirtumundoBeGone: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart and post the VBG.TXT report created on the desktop, the VundoFix report located at C:\vundofix.txt, and a new HijackThis report in your next reply.
Anonymous user - 14 July 2008 at 21:40
I also check for myself!
Part of it is not recognised, but I have already had it, so I also say to remove it.
So that site is a complement, that's all.
anthony5151 (10573 posts, registered Friday 27 June 2008, status: security contributor, last post 2 March 2015, 790) - 14 July 2008 at 21:45
Except that fixing those lines with HijackThis will not remove the infection (I'm repeating myself...)
Apart from the "no file" line, the others are quite likely to come back.
Anonymous user - 14 July 2008 at 21:47
Yes, but HijackThis will remove part of the infections.
That is why an antivirus scan (normally) makes it possible to remove the whole infection.
anthony5151 (10573 posts, registered Friday 27 June 2008, status: security contributor, last post 2 March 2015, 790) - 14 July 2008 at 21:52
No, HijackThis will permanently remove the "no file" lines, which show a registry entry pointing to a file that has already been deleted, but for most of the other lines it will not be able to do anything...
HijackThis is more of a diagnostic tool than a disinfection tool.
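As an added example (not code from this thread, from HijackThis or from VirtumundoBeGone), here is a small Python parser for the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis report. It separates the orphaned "(no file)" entries anthony5151 describes, where only a registry entry pointing at an already-deleted DLL is left, from entries whose DLL is still on disk, and applies the same correlation that VirtumundoBeGone's log shows further down in the thread: a nameless BHO whose DLL is also registered as a Winlogon Notify package is flagged as suspect, because fixing only the O2 line leaves the hook that re-registers it. The sample log lines are constructed from the report posted above, and the four category names are this example's own.

```python
"""Triage the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis log."""
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis 2.0.2 log format. The entries are copied from
# the report posted in this thread, not taken from a live machine.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {8e613408-e519-a149-6894-febb68d267d1} - {1d762d86-bbef-4986-941a-915e804316e8} - C:\WINDOWS\system32\hyxfph.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86FA5B05-DA25-4376-8E05-05E6033B3BCB} - C:\WINDOWS\system32\rqRJBQjK.dll
O2 - BHO: (no name) - {F8AC36D7-F602-4B69-99B5-2A812E05779F} - C:\WINDOWS\system32\hgGywWom.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: hgGywWom - C:\WINDOWS\SYSTEM32\hgGywWom.dll
"""

GUID = r"[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>" + GUID + r")\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
GUID_NAME_RE = re.compile(r"^\{" + GUID + r"\}$")


def parse_hjt(log_text):
    """Return (bhos, notify): O2 lines as (name, CLSID, path) and O20 lines as (key, path)."""
    bhos, notify = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            bhos.append((m["name"], m["clsid"].upper(), m["path"]))
        elif m := O20_RE.match(line):
            notify.append((m["key"], m["path"]))
    return bhos, notify


def triage_hjt(log_text):
    """Map each BHO CLSID to one of four categories (names are this example's own):

    orphaned  "(no file)": only the registry entry is left, the DLL is gone.
              Fixing it in HijackThis is final; nothing remains to reload it.
    suspect   Nameless BHO whose DLL is also registered as a Winlogon Notify
              package, the correlation VirtumundoBeGone logs as "probably
              Virtumundo". Fixing the O2 line alone leaves the hook that
              re-registers it at the next logon.
    unnamed   Nameless BHO with a DLL on disk but no Notify correlation:
              needs manual review, not automatic trust.
    named     BHO with a display name (still no proof of legitimacy).
    """
    bhos, notify = parse_hjt(log_text)
    notify_keys = {key.lower() for key, _ in notify}
    notify_paths = {path.lower() for _, path in notify}
    result = {}
    for name, clsid, path in bhos:
        # A GUID used as the display name counts as nameless, like "(no name)".
        nameless = name == "(no name)" or GUID_NAME_RE.match(name) is not None
        if path == "(no file)":
            result[clsid] = "orphaned"
        elif nameless:
            # VirtumundoBeGone checks Winlogon\Notify\<dll stem>; also accept a
            # direct path match in case the Notify value names the DLL differently.
            stem = PureWindowsPath(path).stem.lower()
            hooked = stem in notify_keys or path.lower() in notify_paths
            result[clsid] = "suspect" if hooked else "unnamed"
        else:
            result[clsid] = "named"
    return result


if __name__ == "__main__":
    for clsid, category in sorted(triage_hjt(SAMPLE_HJT_LOG).items(), key=lambda kv: kv[1]):
        print(f"{category:<9} {{{clsid}}}")
```

Run on the sample, the Adobe helper comes out as named, the "(no file)" entry as orphaned, the hgGywWom BHO as suspect because the same DLL sits under Winlogon Notify, and the two remaining nameless BHOs as unnamed, which is exactly the split the thread argues about: only the orphaned line is something HijackThis can fix for good.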
ramootcho (18 posts, registered Monday 14 July 2008, status: member, last post 6 September 2008) - 14 July 2008 at 22:09
Here is the VirtumundoBeGone report:
My PC is still infected.
[07/14/2008, 21:55:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ram\Bureau\VirtumundoBeGone.exe" )
[07/14/2008, 21:55:41] - Detected System Information:
[07/14/2008, 21:55:41] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 21:55:41] - Current Username: Ram (Admin)
[07/14/2008, 21:55:41] - Windows is in NORMAL mode.
[07/14/2008, 21:55:41] - Searching for Browser Helper Objects:
[07/14/2008, 21:55:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/14/2008, 21:55:41] - BHO 2: {1d762d86-bbef-4986-941a-915e804316e8} ()
[07/14/2008, 21:55:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 21:55:41] - Checking for HKLM\...\Winlogon\Notify\hyxfph
[07/14/2008, 21:55:41] - Key not found: HKLM\...\Winlogon\Notify\hyxfph, continuing.
[07/14/2008, 21:55:41] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 21:55:41] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/14/2008, 21:55:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 21:55:41] - No filename found. Continuing.
[07/14/2008, 21:55:41] - BHO 5: {86FA5B05-DA25-4376-8E05-05E6033B3BCB} ()
[07/14/2008, 21:55:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 21:55:41] - Checking for HKLM\...\Winlogon\Notify\rqRJBQjK
[07/14/2008, 21:55:41] - Key not found: HKLM\...\Winlogon\Notify\rqRJBQjK, continuing.
[07/14/2008, 21:55:41] - BHO 6: {F8AC36D7-F602-4B69-99B5-2A812E05779F} ()
[07/14/2008, 21:55:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 21:55:41] - Checking for HKLM\...\Winlogon\Notify\hgGywWom
[07/14/2008, 21:55:41] - Found: HKLM\...\Winlogon\Notify\hgGywWom - This is probably Virtumundo.
[07/14/2008, 21:55:41] - Assigning {F8AC36D7-F602-4B69-99B5-2A812E05779F} MSEvents Object
[07/14/2008, 21:55:41] - BHO list has been changed! Starting over...
[07/14/2008, 21:55:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/14/2008, 21:55:41] - BHO 2: {1d762d86-bbef-4986-941a-915e804316e8} ()
[07/14/2008, 21:55:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 21:55:41] - Checking for HKLM\...\Winlogon\Notify\hyxfph
[07/14/2008, 21:55:41] - Key not found: HKLM\...\Winlogon\Notify\hyxfph, continuing.
[07/14/2008, 21:55:41] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 21:55:41] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/14/2008, 21:55:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 21:55:41] - No filename found. Continuing.
[07/14/2008, 21:55:41] - BHO 5: {86FA5B05-DA25-4376-8E05-05E6033B3BCB} ()
[07/14/2008, 21:55:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 21:55:41] - Checking for HKLM\...\Winlogon\Notify\rqRJBQjK
[07/14/2008, 21:55:41] - Key not found: HKLM\...\Winlogon\Notify\rqRJBQjK, continuing.
[07/14/2008, 21:55:41] - BHO 6: {F8AC36D7-F602-4B69-99B5-2A812E05779F} (MSEvents Object)
[07/14/2008, 21:55:41] - ALERT: Found MSEvents Object!
[07/14/2008, 21:55:41] - Finished Searching Browser Helper Objects
[07/14/2008, 21:55:41] - *** Detected MSEvents Object
[07/14/2008, 21:55:41] - Trying to remove MSEvents Object...
[07/14/2008, 21:55:42] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 21:55:43] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 21:55:43] - Disabling Automatic Shell Restart
[07/14/2008, 21:55:43] - Terminating Process: EXPLORER.EXE
[07/14/2008, 21:55:43] - Suspending the NT Session Manager System Service
[07/14/2008, 21:55:43] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 21:55:44] - Re-enabling Automatic Shell Restart
[07/14/2008, 21:55:44] - File to disable: C:\WINDOWS\system32\hgGywWom.dll
[07/14/2008, 21:55:44] - Renaming C:\WINDOWS\system32\hgGywWom.dll -> C:\WINDOWS\system32\hgGywWom.dll.vir
[07/14/2008, 21:55:46] - File successfully renamed!
[07/14/2008, 21:55:46] - Removing HKLM\...\Browser Helper Objects\{F8AC36D7-F602-4B69-99B5-2A812E05779F}
[07/14/2008, 21:55:46] - Removing HKCR\CLSID\{F8AC36D7-F602-4B69-99B5-2A812E05779F}
[07/14/2008, 21:55:46] - Adding Kill Bit for ActiveX for GUID: {F8AC36D7-F602-4B69-99B5-2A812E05779F}
[07/14/2008, 21:55:46] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 21:55:46] - Removing HKLM\...\Winlogon\Notify\hgGywWom
[07/14/2008, 21:55:46] - Searching for Browser Helper Objects:
[07/14/2008, 21:55:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/14/2008, 21:55:46] - BHO 2: {1d762d86-bbef-4986-941a-915e804316e8} ()
[07/14/2008, 21:55:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 21:55:46] - Checking for HKLM\...\Winlogon\Notify\hyxfph
[07/14/2008, 21:55:46] - Key not found: HKLM\...\Winlogon\Notify\hyxfph, continuing.
[07/14/2008, 21:55:46] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 21:55:46] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/14/2008, 21:55:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 21:55:46] - No filename found. Continuing.
[07/14/2008, 21:55:46] - BHO 5: {86FA5B05-DA25-4376-8E05-05E6033B3BCB} ()
[07/14/2008, 21:55:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 21:55:46] - Checking for HKLM\...\Winlogon\Notify\rqRJBQjK
[07/14/2008, 21:55:46] - Key not found: HKLM\...\Winlogon\Notify\rqRJBQjK, continuing.
[07/14/2008, 21:55:46] - Finished Searching Browser Helper Objects
[07/14/2008, 21:55:46] - Finishing up...
[07/14/2008, 21:55:46] - A restart is needed.
[07/14/2008, 21:55:46] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/14/2008, 21:55:59] - Attempting to Restart via STOP error (Blue Screen!)
[07/14/2008, 21:59:52] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ram\Bureau\VirtumundoBeGone.exe" )
[07/14/2008, 22:00:06] - Detected System Information:
[07/14/2008, 22:00:06] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 22:00:06] - Current Username: Ram (Admin)
[07/14/2008, 22:00:06] - Windows is in NORMAL mode.
[07/14/2008, 22:00:06] - Searching for Browser Helper Objects:
[07/14/2008, 22:00:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/14/2008, 22:00:06] - BHO 2: {1d762d86-bbef-4986-941a-915e804316e8} ()
[07/14/2008, 22:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 22:00:06] - Checking for HKLM\...\Winlogon\Notify\hyxfph
[07/14/2008, 22:00:06] - Key not found: HKLM\...\Winlogon\Notify\hyxfph, continuing.
[07/14/2008, 22:00:06] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 22:00:06] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/14/2008, 22:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 22:00:06] - No filename found. Continuing.
[07/14/2008, 22:00:06] - BHO 5: {86FA5B05-DA25-4376-8E05-05E6033B3BCB} ()
[07/14/2008, 22:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 22:00:06] - Checking for HKLM\...\Winlogon\Notify\rqRJBQjK
[07/14/2008, 22:00:06] - Key not found: HKLM\...\Winlogon\Notify\rqRJBQjK, continuing.
[07/14/2008, 22:00:06] - Finished Searching Browser Helper Objects
[07/14/2008, 22:00:06] - Finishing up...
[07/14/2008, 22:00:06] - Nothing found! Exiting...
my PC is still infected
ramootcho
Posts: 18
Registered: Monday 14 July 2008
Status: Member
Last activity: 6 September 2008
14 July 2008 at 22:10
and the new HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:47, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ram\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {8e613408-e519-a149-6894-febb68d267d1} - {1d762d86-bbef-4986-941a-915e804316e8} - C:\WINDOWS\system32\hyxfph.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86FA5B05-DA25-4376-8E05-05E6033B3BCB} - C:\WINDOWS\system32\rqRJBQjK.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows] C:\DOCUME~1\Ram\LOCALS~1\Temp\Setup_ver1.1400.0.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe