Gros probleme! virtumonde
Fermé
link
-
6 sept. 2008 à 15:52
plm69 Messages postés 527 Date d'inscription dimanche 27 juillet 2008 Statut Membre Dernière intervention 8 septembre 2008 - 6 sept. 2008 à 18:56
plm69 Messages postés 527 Date d'inscription dimanche 27 juillet 2008 Statut Membre Dernière intervention 8 septembre 2008 - 6 sept. 2008 à 18:56
27 réponses
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 15:57
6 sept. 2008 à 15:57
Télécharge et installe Malwarebyte's Anti-Malware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.
Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK
Laisse les Mises à jour se télécharger
*** Referme le programme ***
2) Scan avec Malwarebyte's Anti-Malware
Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Executer un examen complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
Suppression des éléments détectés >>>>
supprime ce qu'il a trouvé vide également les éléments de la quarantaine
S'il t'es demandé de redémarrer >>> clique sur "Yes"
--> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.
Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK
Laisse les Mises à jour se télécharger
*** Referme le programme ***
2) Scan avec Malwarebyte's Anti-Malware
Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Executer un examen complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
Suppression des éléments détectés >>>>
supprime ce qu'il a trouvé vide également les éléments de la quarantaine
S'il t'es demandé de redémarrer >>> clique sur "Yes"
--> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse
Voila le rapport
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1119
Windows 5.1.2600 Service Pack 2
06/09/2008 16:29:49
mbam-log-2008-09-06 (16-29-44).txt
Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 113515
Temps écoulé: 26 minute(s), 23 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 40
Processus mémoire infecté(s):
C:\WINDOWS\system32\Cpl32ver.exe (Trojan.Downloadere) -> No action taken.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\dfuqkibk.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tuvUKBuU.dll (Trojan.Vundo.H) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{148167aa-f80a-42f2-a176-393287955ee6} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{148167aa-f80a-42f2-a176-393287955ee6} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljcundb (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\34455008 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpl32ver (Trojan.Downloadere) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcca9j0ea5r (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvukbuu -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvukbuu -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\tuvUKBuU.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\UuBKUvut.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\UuBKUvut.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mlJCUNdB.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dfuqkibk.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kbikqufd.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\winload.dll (Trojan.Zlob.H) -> No action taken.
C:\WINDOWS\system32\Cpl32ver.exe (Trojan.Downloadere) -> No action taken.
C:\WINDOWS\system32\browsearch.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047829.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047823.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047824.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047825.scr (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047826.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047828.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047830.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047833.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047834.dll (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906133943765.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906135754390.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906143225703.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906144257906.log (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Christophe\Local Settings\Temp\BN6C.tmp (Trojan.Agent) -> No action taken.
C:\d.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mscert.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\netd.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\pxcrt.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mt_32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\lphcca9j0ea5r.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcca9j0ea5r.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN12.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN73.tmp (Trojan.Agent) -> No action taken.
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1119
Windows 5.1.2600 Service Pack 2
06/09/2008 16:29:49
mbam-log-2008-09-06 (16-29-44).txt
Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 113515
Temps écoulé: 26 minute(s), 23 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 40
Processus mémoire infecté(s):
C:\WINDOWS\system32\Cpl32ver.exe (Trojan.Downloadere) -> No action taken.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\dfuqkibk.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tuvUKBuU.dll (Trojan.Vundo.H) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{148167aa-f80a-42f2-a176-393287955ee6} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{148167aa-f80a-42f2-a176-393287955ee6} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljcundb (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\34455008 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpl32ver (Trojan.Downloadere) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcca9j0ea5r (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvukbuu -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvukbuu -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\tuvUKBuU.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\UuBKUvut.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\UuBKUvut.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mlJCUNdB.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dfuqkibk.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kbikqufd.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\winload.dll (Trojan.Zlob.H) -> No action taken.
C:\WINDOWS\system32\Cpl32ver.exe (Trojan.Downloadere) -> No action taken.
C:\WINDOWS\system32\browsearch.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047829.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047823.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047824.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047825.scr (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047826.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047828.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047830.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047833.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047834.dll (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906133943765.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906135754390.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906143225703.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906144257906.log (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Christophe\Local Settings\Temp\BN6C.tmp (Trojan.Agent) -> No action taken.
C:\d.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mscert.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\netd.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\pxcrt.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mt_32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\lphcca9j0ea5r.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcca9j0ea5r.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN12.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN73.tmp (Trojan.Agent) -> No action taken.
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 16:37
6 sept. 2008 à 16:37
Ta bien suprimé la séléction ?
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1119
Windows 5.1.2600 Service Pack 2
06/09/2008 16:30:27
mbam-log-2008-09-06 (16-30-27).txt
Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 113515
Temps écoulé: 26 minute(s), 23 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 40
Processus mémoire infecté(s):
C:\WINDOWS\system32\Cpl32ver.exe (Trojan.Downloadere) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\dfuqkibk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuvUKBuU.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{148167aa-f80a-42f2-a176-393287955ee6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{148167aa-f80a-42f2-a176-393287955ee6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljcundb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\34455008 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpl32ver (Trojan.Downloadere) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcca9j0ea5r (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvukbuu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvukbuu -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\tuvUKBuU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\UuBKUvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UuBKUvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCUNdB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfuqkibk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kbikqufd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winload.dll (Trojan.Zlob.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Cpl32ver.exe (Trojan.Downloadere) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\browsearch.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047829.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047823.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047824.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047825.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047826.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047828.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047830.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047833.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047834.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906133943765.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906135754390.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906143225703.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906144257906.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christophe\Local Settings\Temp\BN6C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mscert.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxcrt.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mt_32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcca9j0ea5r.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcca9j0ea5r.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN73.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
Version de la base de données: 1119
Windows 5.1.2600 Service Pack 2
06/09/2008 16:30:27
mbam-log-2008-09-06 (16-30-27).txt
Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 113515
Temps écoulé: 26 minute(s), 23 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 40
Processus mémoire infecté(s):
C:\WINDOWS\system32\Cpl32ver.exe (Trojan.Downloadere) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\dfuqkibk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuvUKBuU.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{148167aa-f80a-42f2-a176-393287955ee6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{148167aa-f80a-42f2-a176-393287955ee6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljcundb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\34455008 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpl32ver (Trojan.Downloadere) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcca9j0ea5r (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvukbuu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvukbuu -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\tuvUKBuU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\UuBKUvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UuBKUvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCUNdB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfuqkibk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kbikqufd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winload.dll (Trojan.Zlob.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Cpl32ver.exe (Trojan.Downloadere) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\browsearch.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047829.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047823.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047824.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047825.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047826.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047828.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047830.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047833.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A152F389-7C48-4C18-9BFC-645775CCBE61}\RP129\A0047834.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906133943765.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906135754390.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906143225703.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080906144257906.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christophe\Local Settings\Temp\BN6C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mscert.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxcrt.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mt_32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcca9j0ea5r.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcca9j0ea5r.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN73.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 16:44
6 sept. 2008 à 16:44
Ok maintenant fais ceci :
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ComboFix 08-09-05.02 - Christophe 2008-09-06 16:49:29.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1649 [GMT 2:00]
Endroit: C:\Documents and Settings\Christophe\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kpykovdy.dll
C:\WINDOWS\system32\taedrd.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
.
2008-09-06 16:34 . 2008-09-06 16:34 18,432 --a------ C:\WINDOWS\system32\browsearch.dll
2008-09-06 16:34 . 2008-09-06 16:34 6,656 --a------ C:\WINDOWS\system32\netd.dll
2008-09-06 16:34 . 2008-09-06 16:34 3,072 --a------ C:\WINDOWS\system32\pxcrt.dll
2008-09-06 16:02 . 2008-09-06 16:02 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 16:02 . 2008-09-06 16:02 <REP> d-------- C:\Documents and Settings\Christophe\Application Data\Malwarebytes
2008-09-06 16:02 . 2008-09-06 16:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 16:02 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-06 16:02 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-06 15:00 . 2008-09-06 15:00 <REP> d-------- C:\VundoFix Backups
2008-09-06 13:58 . 2008-09-06 16:34 19,456 --a------ C:\WINDOWS\system32\mshtmllib.dll
2008-09-06 13:57 . 2008-09-06 13:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\slwxenqj
2008-09-06 13:39 . 2008-09-06 16:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-09-06 13:37 . 2008-09-06 13:37 <REP> d-------- C:\Program Files\ikvcgg
2008-09-06 13:37 . 2008-09-06 13:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\vyrapqfo
2008-09-06 13:37 . 2008-09-06 13:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\hgdmlyho
2008-09-06 13:37 . 2008-09-06 16:34 5,632 --a------ C:\WINDOWS\system32\ptco.dll
2008-09-06 13:36 . 2008-09-06 13:36 32,917 --a------ C:\Documents and Settings\Christophe\loads.exe
2008-09-06 13:36 . 2008-09-06 13:36 32,256 --a------ C:\WINDOWS\system32\drivers\Ecv61.sys
2008-09-06 13:36 . 2008-09-06 13:58 9,728 --a------ C:\WINDOWS\system32\browserui.dll
2008-09-06 13:36 . 2008-09-06 13:58 4,096 --a------ C:\WINDOWS\system32\clfsw.dll
2008-09-06 13:36 . 2008-09-06 16:33 2,098 --a------ C:\WINDOWS\system32\fdeploy.ocx
2008-09-06 13:36 . 2008-09-06 13:40 2 --a------ C:\876957863
2008-09-04 18:43 . 2008-09-04 18:43 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-09-04 18:43 . 2008-09-04 18:43 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-04 18:43 . 2008-09-04 18:43 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-04 09:56 . 2008-09-04 10:05 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-04 09:44 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-04 09:44 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-04 09:44 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-03 20:01 . 2008-09-03 20:01 <REP> d-------- C:\Documents and Settings\Christophe\Application Data\Sports Interactive
2008-09-03 20:01 . 2008-09-03 20:01 <REP> dr-h----- C:\Documents and Settings\Christophe\Application Data\SecuROM
2008-09-03 19:58 . 2008-09-03 20:00 <REP> d--h----- C:\Program Files\Zero G Registry
2008-09-03 19:58 . 2008-09-03 19:58 <REP> d--h----- C:\Documents and Settings\Christophe\InstallAnywhere
2008-09-03 18:14 . 2008-09-03 18:14 <REP> d-------- C:\Program Files\Ares
2008-09-03 17:09 . 2008-09-03 17:12 <REP> d-------- C:\Program Files\Movies2iPhone
2008-09-03 15:59 . 2008-09-03 17:27 <REP> d-------- C:\Documents and Settings\Christophe\Contacts
2008-09-03 15:58 . 2008-09-03 15:59 <REP> d-------- C:\Program Files\Windows Live
2008-09-03 15:58 . 2008-09-03 15:58 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-03 15:58 . 2008-09-03 15:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-03 15:56 . 2008-09-03 15:56 <REP> d-------- C:\Program Files\iTunes
2008-09-03 15:56 . 2008-09-03 15:56 <REP> d-------- C:\Program Files\iPod
2008-09-03 15:55 . 2008-09-03 15:55 <REP> d-------- C:\Program Files\QuickTime
2008-09-03 15:55 . 2008-09-03 15:55 <REP> d-------- C:\Program Files\Bonjour
2008-09-03 15:54 . 2008-09-03 15:59 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-03 15:54 . 2008-09-03 15:54 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-09-03 15:54 . 2008-09-03 15:54 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-03 15:54 . 2008-09-03 15:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-03 15:54 . 2008-07-22 20:32 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-03 15:44 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-03 14:43 . 2008-09-03 14:43 <REP> d-------- C:\Program Files\Alwil Software
2008-09-03 14:35 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-03 14:34 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-03 14:30 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-03 14:30 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-03 14:30 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-03 14:30 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 18:01 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-03 16:13 --------- d-----w C:\Program Files\eMule
2008-09-03 15:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 14:10 --------- d-----w C:\Documents and Settings\Christophe\Application Data\Apple Computer
2008-09-03 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-03 13:44 --------- d-----w C:\Program Files\Java
2008-09-03 12:40 --------- d-----w C:\Program Files\Symantec
2008-09-03 12:40 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-03 12:37 --------- d-----w C:\Program Files\Norton AntiVirus
2008-09-03 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2006-11-06 16:34 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-08-21 888832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 7557120]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 86016]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2004-10-04 176216]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 32768]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 861184]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"Cloneur Expert Monitor"="C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2006-12-01 437675]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-12-01 61440]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"nwiz"="nwiz.exe" [2006-02-13 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"uhexzVfzg9"="C:\Documents and Settings\All Users\Application Data\slwxenqj\wfsjcbcb.exe" [2008-09-06 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AppAdm"= {49BD36A7-F680-A785-B01E-005FC47E944E} - C:\Program Files\ikvcgg\AppAdm.dll [2008-09-06 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=taedrd.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ecv61.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Icône AOL.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-08 06:25 496752 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
R0 Ecv61;Ecv61;C:\WINDOWS\system32\Drivers\Ecv61.sys [2008-09-06 32256]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ADSLAutoconnect;ADSLAutoconnect;C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe [2006-09-01 450560]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
S3 r_server;Remote Administrator Service;C:\WINDOWS\system32\r_server.exe [2005-06-21 724992]
S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\d91z5n6d.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gamekult.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 16:52:22
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\PROGRA~1\FICHIE~1\AOL\ACS\ATWPKT2.SYS"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-06 16:54:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 14:54:40
Pre-Run: 16,312,188,928 octets libres
Post-Run: 16,339,914,752 octets libres
206 --- E O F --- 2008-09-05 16:02:01
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1649 [GMT 2:00]
Endroit: C:\Documents and Settings\Christophe\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kpykovdy.dll
C:\WINDOWS\system32\taedrd.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
.
2008-09-06 16:34 . 2008-09-06 16:34 18,432 --a------ C:\WINDOWS\system32\browsearch.dll
2008-09-06 16:34 . 2008-09-06 16:34 6,656 --a------ C:\WINDOWS\system32\netd.dll
2008-09-06 16:34 . 2008-09-06 16:34 3,072 --a------ C:\WINDOWS\system32\pxcrt.dll
2008-09-06 16:02 . 2008-09-06 16:02 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 16:02 . 2008-09-06 16:02 <REP> d-------- C:\Documents and Settings\Christophe\Application Data\Malwarebytes
2008-09-06 16:02 . 2008-09-06 16:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 16:02 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-06 16:02 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-06 15:00 . 2008-09-06 15:00 <REP> d-------- C:\VundoFix Backups
2008-09-06 13:58 . 2008-09-06 16:34 19,456 --a------ C:\WINDOWS\system32\mshtmllib.dll
2008-09-06 13:57 . 2008-09-06 13:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\slwxenqj
2008-09-06 13:39 . 2008-09-06 16:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-09-06 13:37 . 2008-09-06 13:37 <REP> d-------- C:\Program Files\ikvcgg
2008-09-06 13:37 . 2008-09-06 13:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\vyrapqfo
2008-09-06 13:37 . 2008-09-06 13:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\hgdmlyho
2008-09-06 13:37 . 2008-09-06 16:34 5,632 --a------ C:\WINDOWS\system32\ptco.dll
2008-09-06 13:36 . 2008-09-06 13:36 32,917 --a------ C:\Documents and Settings\Christophe\loads.exe
2008-09-06 13:36 . 2008-09-06 13:36 32,256 --a------ C:\WINDOWS\system32\drivers\Ecv61.sys
2008-09-06 13:36 . 2008-09-06 13:58 9,728 --a------ C:\WINDOWS\system32\browserui.dll
2008-09-06 13:36 . 2008-09-06 13:58 4,096 --a------ C:\WINDOWS\system32\clfsw.dll
2008-09-06 13:36 . 2008-09-06 16:33 2,098 --a------ C:\WINDOWS\system32\fdeploy.ocx
2008-09-06 13:36 . 2008-09-06 13:40 2 --a------ C:\876957863
2008-09-04 18:43 . 2008-09-04 18:43 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-09-04 18:43 . 2008-09-04 18:43 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-04 18:43 . 2008-09-04 18:43 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-04 09:56 . 2008-09-04 10:05 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-04 09:44 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-04 09:44 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-04 09:44 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-03 20:01 . 2008-09-03 20:01 <REP> d-------- C:\Documents and Settings\Christophe\Application Data\Sports Interactive
2008-09-03 20:01 . 2008-09-03 20:01 <REP> dr-h----- C:\Documents and Settings\Christophe\Application Data\SecuROM
2008-09-03 19:58 . 2008-09-03 20:00 <REP> d--h----- C:\Program Files\Zero G Registry
2008-09-03 19:58 . 2008-09-03 19:58 <REP> d--h----- C:\Documents and Settings\Christophe\InstallAnywhere
2008-09-03 18:14 . 2008-09-03 18:14 <REP> d-------- C:\Program Files\Ares
2008-09-03 17:09 . 2008-09-03 17:12 <REP> d-------- C:\Program Files\Movies2iPhone
2008-09-03 15:59 . 2008-09-03 17:27 <REP> d-------- C:\Documents and Settings\Christophe\Contacts
2008-09-03 15:58 . 2008-09-03 15:59 <REP> d-------- C:\Program Files\Windows Live
2008-09-03 15:58 . 2008-09-03 15:58 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-03 15:58 . 2008-09-03 15:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-03 15:56 . 2008-09-03 15:56 <REP> d-------- C:\Program Files\iTunes
2008-09-03 15:56 . 2008-09-03 15:56 <REP> d-------- C:\Program Files\iPod
2008-09-03 15:55 . 2008-09-03 15:55 <REP> d-------- C:\Program Files\QuickTime
2008-09-03 15:55 . 2008-09-03 15:55 <REP> d-------- C:\Program Files\Bonjour
2008-09-03 15:54 . 2008-09-03 15:59 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-03 15:54 . 2008-09-03 15:54 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-09-03 15:54 . 2008-09-03 15:54 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-03 15:54 . 2008-09-03 15:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-03 15:54 . 2008-07-22 20:32 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-03 15:44 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-03 14:43 . 2008-09-03 14:43 <REP> d-------- C:\Program Files\Alwil Software
2008-09-03 14:35 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-03 14:34 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-03 14:30 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-03 14:30 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-03 14:30 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-03 14:30 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 18:01 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-03 16:13 --------- d-----w C:\Program Files\eMule
2008-09-03 15:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 14:10 --------- d-----w C:\Documents and Settings\Christophe\Application Data\Apple Computer
2008-09-03 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-03 13:44 --------- d-----w C:\Program Files\Java
2008-09-03 12:40 --------- d-----w C:\Program Files\Symantec
2008-09-03 12:40 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-03 12:37 --------- d-----w C:\Program Files\Norton AntiVirus
2008-09-03 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2006-11-06 16:34 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-08-21 888832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 7557120]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 86016]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2004-10-04 176216]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 32768]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 861184]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"Cloneur Expert Monitor"="C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2006-12-01 437675]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-12-01 61440]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"nwiz"="nwiz.exe" [2006-02-13 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"uhexzVfzg9"="C:\Documents and Settings\All Users\Application Data\slwxenqj\wfsjcbcb.exe" [2008-09-06 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AppAdm"= {49BD36A7-F680-A785-B01E-005FC47E944E} - C:\Program Files\ikvcgg\AppAdm.dll [2008-09-06 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=taedrd.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ecv61.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Icône AOL.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-08 06:25 496752 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
R0 Ecv61;Ecv61;C:\WINDOWS\system32\Drivers\Ecv61.sys [2008-09-06 32256]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ADSLAutoconnect;ADSLAutoconnect;C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe [2006-09-01 450560]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
S3 r_server;Remote Administrator Service;C:\WINDOWS\system32\r_server.exe [2005-06-21 724992]
S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\d91z5n6d.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gamekult.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 16:52:22
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\PROGRA~1\FICHIE~1\AOL\ACS\ATWPKT2.SYS"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-06 16:54:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 14:54:40
Pre-Run: 16,312,188,928 octets libres
Post-Run: 16,339,914,752 octets libres
206 --- E O F --- 2008-09-05 16:02:01
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 16:58
6 sept. 2008 à 16:58
Quel antivirus tu as ? appart antispyware 2008 et anitvirus 2008 qui sonts des rogues(faux antivirus pour infécté ton pc)
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 17:00
6 sept. 2008 à 17:00
je vois que tu as norton desinstalle le ici stp
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
Telecharge Avira antivir(français gratuit) ici http://dl1.avgate.net/down/windows/antivir_workstation_winu_fr_h.exe
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
Telecharge Avira antivir(français gratuit) ici http://dl1.avgate.net/down/windows/antivir_workstation_winu_fr_h.exe
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 17:02
6 sept. 2008 à 17:02
ok desinstall aussi avast avant de telecharger avira ici https://www.avast.com/fr-fr/uninstall-utility
On n'a supprimé deux rogues et une infection virtumonde sa doit aller mieux pour ton ordi
On n'a supprimé deux rogues et une infection virtumonde sa doit aller mieux pour ton ordi
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 17:06
6 sept. 2008 à 17:06
ok je t'attend
Je n'arrive pas a supprimé avast, car apparament avast est en fonctionnement or, je ne le vois pas fonctionner, dois je lancer mon pc en mode sans echec pour essayer ?
De plus, en coupe feu j'utilisais celui intégrer a xp est il suffisant ?
Enfin, je n'ai pas encore installer le sp3, j'ai eu peur car au dire de certain il est pas super fiable et alors que je l'avait installé j'ai fait une mise a jour d'itunes et ensuite impossible de charger windows, et meme de passer en mode sans echec, heureusement que j'ai une image de ma partition C.
Si tu peux m'aider sur ces 3 cas.
Encore merci de ton aide
De plus, en coupe feu j'utilisais celui intégrer a xp est il suffisant ?
Enfin, je n'ai pas encore installer le sp3, j'ai eu peur car au dire de certain il est pas super fiable et alors que je l'avait installé j'ai fait une mise a jour d'itunes et ensuite impossible de charger windows, et meme de passer en mode sans echec, heureusement que j'ai une image de ma partition C.
Si tu peux m'aider sur ces 3 cas.
Encore merci de ton aide
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 17:28
6 sept. 2008 à 17:28
demarre en mode sans echec Va dans poste de travail>C:/>Programe files>et supprime entierment le dossier appeler "avast".
Pour le parfeu on verras a la fin
"Charger windows" ?
Pour le parfeu on verras a la fin
"Charger windows" ?
c'est vrai que je n'ai pas été clair
J'ai voulu dire lorsque 'il y a la petite barre bleue au lancement qui défile avec au dessus écrit: " Windows xp" et le logo
La barre de chargement bleue restait figé et impossible d'aller sur le bureau, j'était bloqué.
Maintenant j'hésite a réinstaller le SP3!
Bon je redémarre en sans echec.
Sinon merci beaucoup, je n'ai plus le message d'infection et j'ai l'impression qUe c'est revenu a la normal :)
J'ai voulu dire lorsque 'il y a la petite barre bleue au lancement qui défile avec au dessus écrit: " Windows xp" et le logo
La barre de chargement bleue restait figé et impossible d'aller sur le bureau, j'était bloqué.
Maintenant j'hésite a réinstaller le SP3!
Bon je redémarre en sans echec.
Sinon merci beaucoup, je n'ai plus le message d'infection et j'ai l'impression qUe c'est revenu a la normal :)
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 17:46
6 sept. 2008 à 17:46
Ok de rien, après l'installation d'avira, je vouderais que tu fasse un netoyage avec cleaner.
Telecharge ccleaner ici http://www.infos-du-net.com/telecharger/CCleaner,0301-1039.html
Une fois ouvert verifie a ce que toutes les cases soit coché dans "applications" et "windows"puis
clique sur "Analyse" et a la fin clique sur "Lancer le nettoyage" ensuite va dans la partie "Registre"
coche toutes les cases puis clique sur "Chercher des erreurs" et a la fin "Corrgier les erreurs" repond "Non"
au message puis refais "Chercher des erreurs" et corrige les jusqu'a qu'il y'en n'ai plus.
Puis
Télécharge ToolsCleaner sur ton bureau> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
-Double-clique sur « Toolscleaner.exe »
-Clique sur "restauration" pour créer un point de restauration.
-Puis clique sur « recherche »
-Quand la recherche sera terminée, clique sur "suppression".
-A la fin (il y aura des indications dans le cadre en-dessous), clique sur "quitter" et poste le rapport qui se trouve dans %systemdrive%\Tcleaner.txt dans ton prochain message.
Telecharge ccleaner ici http://www.infos-du-net.com/telecharger/CCleaner,0301-1039.html
Une fois ouvert verifie a ce que toutes les cases soit coché dans "applications" et "windows"puis
clique sur "Analyse" et a la fin clique sur "Lancer le nettoyage" ensuite va dans la partie "Registre"
coche toutes les cases puis clique sur "Chercher des erreurs" et a la fin "Corrgier les erreurs" repond "Non"
au message puis refais "Chercher des erreurs" et corrige les jusqu'a qu'il y'en n'ai plus.
Puis
Télécharge ToolsCleaner sur ton bureau> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
-Double-clique sur « Toolscleaner.exe »
-Clique sur "restauration" pour créer un point de restauration.
-Puis clique sur « recherche »
-Quand la recherche sera terminée, clique sur "suppression".
-A la fin (il y aura des indications dans le cadre en-dessous), clique sur "quitter" et poste le rapport qui se trouve dans %systemdrive%\Tcleaner.txt dans ton prochain message.
Ma question peut te paraitre stupide mais j'ai tune up utilities, il est pas suffisant par rapport à ccleaner ???
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 17:58
6 sept. 2008 à 17:58
Non supprime le
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 18:01
6 sept. 2008 à 18:01
http://forum.telecharger.01net.com/forum/high-tech/LOGICIELS/Logiciels-divers/antivir-personnal-francais-sujet_279110_1.htm
Lien d'avira
Lien d'avira
Maintenant je passe a Tools cleaner.
En ce qui concerne le SP3, je l'installe ???
Et pour le pare feu ???
En ce qui concerne le SP3, je l'installe ???
Et pour le pare feu ???
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 18:06
6 sept. 2008 à 18:06
comodo firewall https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
pour SP3 je te consseile pas sa peut recommencer moi je l'ai pas installer
pour SP3 je te consseile pas sa peut recommencer moi je l'ai pas installer
voila le rapport !
[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\Christophe\Recent\HijackThis.lnk: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Christophe\Recent\HijackThis.lnk: supprimé !
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\Christophe\Recent\HijackThis.lnk: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Christophe\Recent\HijackThis.lnk: supprimé !
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
plm69
Messages postés
527
Date d'inscription
dimanche 27 juillet 2008
Statut
Membre
Dernière intervention
8 septembre 2008
17
6 sept. 2008 à 18:15
6 sept. 2008 à 18:15
ok supprime toolcleaner, fais un mise a jour avec avira puis un scan et poste le rapport ici a la fin du scan
6 sept. 2008 à 16:03