
Problem with MSServer [solved]

aranox on 24 August 2008 at 06:24
Hello.
I have seen that some people have had the same problem (or a similar one) as me.
Avast and AVG (which I had before) both give me the same alert.
It concerns DLLs, sometimes different ones, located in:
C:\Windows\SysWOW64
If I am not mistaken, MSServer is the cause of this problem.
I am running Vista Ultimate 64-bit.
I have read various posts, but it is recommended to open a new one for each user rather than carry out the steps given to someone else.
So there it is; I hope for a reply and thank you in advance.
--> Message edited by aranox on 01/09/2008 22:25:45 <--
dédétraqué on 30 August 2008 at 00:00
Hi aranox


Let's check this:

Download HijackThis V 2.02 to the desktop:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe


- Double-click HJTInstall.exe on the desktop

- Click Install, then I Accept

- Close all windows; HJT must run alone (every other program closed).

- Launch HJT and click Do a system scan and save a logfile

When the report appears in Notepad, go to Edit, then Select All; the text is then selected. Go back to Edit, still leaving the text selected, and click Copy.


In your next reply, right-click and paste.


Help: http://forum.telecharger.01net.com/microhebdo/questions-techniques-diverses/t(...)


@++
aranox on 30 August 2008 at 16:33
Thank you very much for replying.
Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:16, on 30/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {179CAEA9-9546-4CF7-B9DA-4F1724B59D79} - C:\Windows\SysWow64\urqopoNE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E525B124-28E1-4D57-B784-B2AABFBBFA66} - C:\Windows\SysWow64\opnNFWQJ.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnNFWQJ.dll,#1
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6385 bytes
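
Added example, not part of the thread or of any tool mentioned in it: a Python triage of HijackThis O2/O4 lines, run on a subset of the log above. It flags the three entries that the Malwarebytes' report later in the thread lists as Trojan.Vundo / Trojan.BHO.H. The two heuristics and all function names are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple

# Subset of the HijackThis log posted above, copied unmodified.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {179CAEA9-9546-4CF7-B9DA-4F1724B59D79} - C:\Windows\SysWow64\urqopoNE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E525B124-28E1-4D57-B784-B2AABFBBFA66} - C:\Windows\SysWow64\opnNFWQJ.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnNFWQJ.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# rundll32 [path\]file.dll[,export] ; the export may be a name or an ordinal (#n)
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?'
    r"(?:,(?P<export>\S+))?", re.I)


class Finding(NamedTuple):
    section: str   # HijackThis section code (O2 or O4)
    name: str      # CLSID for a BHO, value name for a Run entry
    path: str      # DLL the entry loads
    reason: str


def in_system_dir(path: str) -> bool:
    """True if the file sits directly in System32 or SysWOW64."""
    return ntpath.normcase(ntpath.dirname(path)) in SYSTEM_DIRS


def triage(log: str) -> List[Finding]:
    """Return the O2/O4 entries that match either heuristic (assumed rules)."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        bho = BHO_RE.match(line)
        if bho:
            path = bho["path"]
            # Heuristic 1: BHO without a display name whose DLL is dropped
            # straight into a Windows system directory.
            if (bho["name"] == "(no name)" and path.lower().endswith(".dll")
                    and in_system_dir(path)):
                findings.append(Finding("O2", bho["clsid"], path,
                                        "unnamed BHO, DLL in a system directory"))
            continue
        run = RUN_RE.match(line)
        if run:
            rd = RUNDLL_RE.match(run["cmd"])
            # Heuristic 2: autostart value that has rundll32 load a full-path
            # DLL from a system directory and call it by ordinal (#n).
            if (rd and (rd["export"] or "").startswith("#")
                    and in_system_dir(rd["dll"])):
                findings.append(Finding("O4", run["name"], rd["dll"],
                                        "Run value: rundll32 on full-path DLL by ordinal"))
    return findings


def corroborated(findings: List[Finding]) -> List[str]:
    """DLL file names flagged under both O2 and O4.

    Compared by file name only: in the log above the same DLL name is listed
    under SysWow64 in O2 and under system32 in O4.
    """
    by_section = {}
    for f in findings:
        by_section.setdefault(f.section, set()).add(ntpath.basename(f.path).lower())
    return sorted(by_section.get("O2", set()) & by_section.get("O4", set()))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit.section}  {hit.name}  {hit.path}  ({hit.reason})")
    print("seen in both O2 and O4:", corroborated(hits))
```

A match is only a lead for closer inspection of the file and its registry key; the named Adobe BHO and the Welcome Center rundll32 entry in the same log show what the rules let through.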
dédétraqué on 30 August 2008 at 17:09
Hi aranox


Disable User Account Control (UAC) (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.


Important: Disable all resident protection! (Antivirus, antispyware):
http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm


Download combofix.exe (by sUBs) to the desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe



==> Save and close all active windows; the PC will restart. Do not launch any program until Combofix has finished. <==

Double-click combofix.exe, click YES and confirm with Enter to start the scan

When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report is also located here: C:\ Combofix.txt

Combofix is detected by some antivirus programs as an infection; disregard this, it is a false positive, continue the procedure


@++
aranox on 30 August 2008 at 18:12
Sorry, Combofix does not work on Vista 64
dédétraqué on 30 August 2008 at 18:36
Hi aranox


- Download and install MalwareByte's Anti-Malware http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- Update it

---

- Restart in safe mode:

When your PC restarts, tap the F8 or F5 key; on the following screen, move with the arrow keys and choose Safe Mode. Choose your usual session and not the Administrator session

---

- Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
- Select Perform a full scan if it is not already selected
- Click Scan

- Once the scan is finished, a window opens; click OK

- If MalwareByte's detected nothing, click OK. A report will appear; close it.

- If MalwareByte's detected infections, click Show Results, then Remove Selected

- Save the report to your Desktop so it is easier to find, then post this report.

Note: If MalwareByte's needs to restart to finish the removal, accept by clicking OK

Tutorial for MalwareByte's here:
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php


@++
aranox on 30 August 2008 at 19:13
I'll do that and reply a bit later; I have to go out.
Thank you for your help, really.
aranox on 30 August 2008 at 21:48
There, scan finished, here is the report:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1098
Windows 6.0.6001 Service Pack 1

21:43:52 30/08/2008
mbam-log-08-30-2008 (21-43-52).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 196625
Temps écoulé: 28 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 241

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{179caea9-9546-4cf7-b9da-4f1724b59d79} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{179caea9-9546-4cf7-b9da-4f1724b59d79} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e525b124-28e1-4d57-b784-b2aabfbbfa66} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e525b124-28e1-4d57-b784-b2aabfbbfa66} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b2fcd752-e7a6-465c-8541-8b9d1c87c4cc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{334ffdfc-bf08-4cf9-be1b-27a8f2e5263c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9679043-e15e-4f11-8d7c-7a71c61ad7e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e525b124-28e1-4d57-b784-b2aabfbbfa66} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\\windows\\system32\\iifeeexw -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\jkkKCTmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\nnnNFuUk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awtuRkJC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\efcCRHBt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hgGawVLf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hgGvSIYo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iifeeExW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iiFxVlKB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yayyWmME.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fcCrpppm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vtUOefgd.dll (Trojan.vundo) -> Quarantined and deleted successfully.
dédétraqué on 30 August 2008 at 21:55
Hi aranox


There are so many of them that the report doesn't fit :mdr:

Post a new HijackThis report, and use cjoint.com http://cjoint.com/ to post your Malwarebytes report as a link

- Click Parcourir (Browse) to locate the report
- Click Ouvrir (Open), then Créer le lien Cjoint

- Copy and paste the link shown after "Le lien a été créé:" into your next reply.
aranox on 30 August 2008 at 22:02
New HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:42, on 30/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5972 bytes


Link to the Malwarebytes report

http://cjoint.com/?iEv7XrfH60
dédétraqué on 30 August 2008 at 22:19
Hi aranox


Do you have the Vista DVD to do a repair?


@++
aranox on 30 August 2008 at 22:26
Yes, I have it.
Should I do a repair?
dédétraqué on 30 August 2008 at 22:30
Hi aranox


Yes, absolutely, see this link:

http://www.micro-astuce.com/Forum/topic1637.html


@++
aranox on 30 August 2008 at 22:34
OK, I'm on it
aranox on 30 August 2008 at 23:06
I've finished the system repair
dédétraqué on 30 August 2008 at 23:09
Hi aranox


Post a new HJT report


@++
aranox on 30 August 2008 at 23:12
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:09, on 30/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6100 bytes
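Comparing two successive HijackThis reports, as the thread does before and after the system repair, is easier with a small diff. The Python below is an added example, not part of the original posts; its function names are this example's own, and the log excerpts are shortened from the reports above. Markers such as (file missing) are reported as HijackThis printed them, not verified on disk.

```python
import re

# Excerpts shortened from the two HijackThis reports posted in the thread;
# the selection of lines is this example's, not the complete logs.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:42, on 30/08/2008

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

# The later scan: new timestamp plus the one entry that appeared after the repair.
LOG_AFTER = LOG_BEFORE.replace("22:00:42", "23:12:09") + (
    r"O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)"
    r" - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab" "\n"
)

# HijackThis entry lines start with a section code (R0, F2, N1, O23, ...).
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Suffixes HijackThis appends when it could not find the referenced file.
MARKERS = ("(no file)", "(file missing)")


def section_key(code):
    """Sort key so that O2 comes before O16 and O23."""
    return (code[0], int(code[1:]))


def parse_entries(log_text):
    """Return {section code: set of entry bodies}; headers and process list are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.setdefault(m.group(1), set()).add(m.group(2).strip())
    return entries


def diff_logs(before, after):
    """Return (added, removed) as lists of (code, body) between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    added, removed = [], []
    for code in sorted(set(a) | set(b), key=section_key):
        new, old = a.get(code, set()), b.get(code, set())
        added += [(code, body) for body in sorted(new - old)]
        removed += [(code, body) for body in sorted(old - new)]
    return added, removed


def dangling(log_text):
    """Entries the tool itself flagged with one of MARKERS, as (code, body, marker)."""
    hits = [(code, body, marker)
            for code, bodies in parse_entries(log_text).items()
            for body in bodies
            for marker in MARKERS if body.endswith(marker)]
    return sorted(hits, key=lambda h: (section_key(h[0]), h[1]))


if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    for sign, items in (("+", added), ("-", removed)):
        for code, body in items:
            print(f"{sign} {code} - {body}")
    for code, body, marker in dangling(LOG_AFTER):
        print(f"? {code} {marker}: {body}")
```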
aranox on 30 August 2008 at 23:32
I'm going to log off.
I'll come back tomorrow for the rest, if that's all right with you.
Thanks again, good night
dédétraqué on 30 August 2008 at 23:37
Hi aranox


Disable User Account Control (UAC) (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "Comptes d'utilisateurs" (User Accounts) icon
- Then click Disable and confirm.


Run an online scan here http://webscanner.kaspersky.fr/ (to be done with Internet Explorer)

- Disable your antivirus during the scan
- At the bottom right, click Démarrer Online-scanner; in the new window that appears, click J'accepte
- Accept the ActiveX controls

- Choose Poste de travail for the scan. Once it has finished, click Enregistrer rapport sous (choose text file)
- Post the report

- For help using the online scan: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId291566
- If you have a problem installing the ActiveX control, read this: http://www.inoculer.com/activex.php3


NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée"
Use Add/Remove Programs to uninstall Kaspersky Online Scanner, then install it again.


@++
-->Message edited by dédétraqué on 31/08/2008 05:28:00<--
aranox on 31 August 2008 at 09:30
The scan is going to take a while, I have 4 hard drives.

See you later
aranox on 31 August 2008 at 19:35
Back again!

Here is the Kaspersky scan report:

http://cjoint.com/?iFtIphOAiT
dédétraqué on 31 August 2008 at 20:17
Hi aranox


Download OTMoveIt (by Old_Timer) to the desktop:

http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe


Double-click OTMoveIt2.exe on the desktop


- Make sure the Unregister Dll's and Ocx's box is checked

- Copy the quoted text below and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved

C:\Windows\System32\sdfhost.exe
C:\Windows\SysWOW64\sdfhost.exe
H:\Cracks\STALKER.SOC.V1.0.ENG.HATRED.NOCD.ZIP
H:\Logiciels\Nero 8.3.6.0.1 Ultra HD Edition + serial number\keygen.exe


- Click MoveIt! to start the removal.
- When a result appears in the Results pane, click Exit


If a file or folder cannot be removed immediately, the program will ask you to restart. Accept by clicking YES.

Post the OTMoveIt report, which is located in C:\_OTMoveIt\MovedFiles
Run another online scan with Kaspersky to check


@++
aranox on 31 August 2008 at 20:30
Here is the report:

C:\Windows\System32\sdfhost.exe moved successfully.
File/Folder C:\Windows\SysWOW64\sdfhost.exe not found.
H:\Cracks\STALKER.SOC.V1.0.ENG.HATRED.NOCD.ZIP moved successfully.
H:\Logiciels\Nero 8.3.6.0.1 Ultra HD Edition + serial number\keygen.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08312008_202746

I'm running the scan again
aranox on 31 August 2008 at 22:19
The scan isn't even finished and I already have 3 "viruses" and 4 "infected objects"
I'll post the report tomorrow evening, if you're available of course.

@++
aranox on 1 September 2008 at 19:36
Hi.
I couldn't post earlier because of work.
The Kaspersky report is too large, even with cjoint.com
I'm splitting it in two and sending you both links.
Part 1: http://cjoint.com/?jbtFJUvN7J
Part 2: http://cjoint.com/?jbtJIHrKOx
dédétraqué on 1 September 2008 at 21:10
Hi aranox


Your report is OK. We'll do a little cleanup of your PC by removing the utilities that were downloaded:

Double-click OTMoveIt2.exe on the desktop

Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).

NOTE: Normally, your firewall should ask whether OTMoveIt may access the Internet. Allow it.

A list appears in the left-hand part of OTMoveIt.

A message appears asking you to confirm the cleanup. Confirm.

You can also delete all the reports that were generated during the disinfection.


-----


- Here are a few security guidelines:

- Windows Update fully up to date http://www.windowsupdate.com/ (critical, Service Pack and Service Release categories)
- a properly configured firewall
- a properly configured antivirus, updated regularly (daily if need be), with a regular full scan (daily if need be).
- cautious behaviour when browsing (no dubious sites: cracks, warez, sex...) and with e-mail (files attached to messages must be scanned before being opened)
- no illegal downloading, which is the main cause of infection (µTorrent, BitTorrent, eMule, Limewire, etc.)
- a vigilant attitude (watch out for any unusual behaviour of your system)
- weekly system cleanup (deleting unneeded files, cleaning the registry, scandisk, defrag)
- weekly antispyware scan
- a regular check of the JAVA console to make sure it is up to date http://www.java.com/en/download/help/testvm.xml
- a vulnerability scan to check that your software is up to date and free of security holes:
http://www.malekal.com/scan_vulnerabilite.php


If you consider your problem solved, edit [:jlj:3] your first post and add [résolu] to the title.


@++
aranox on 1 September 2008 at 22:23
Thank you so much for your help.
Thanks also for your advice and for the time you gave me.
All the best

@++

