S'abonner :

Newsletters

Magazines

01men.

Avis sur les produits

Avis sur les logiciels

Avis sur les jeux

Actualités

A propos de 01net

734 utilisateurs connectés

Forum de 01net / Sécurité / Problemes avec des fichiers Temp [ RESOLU ]

Problemes avec des fichiers Temp [ RESOLU ]

niKsy le 25 décembre 2007 à 03h09

Bonjour, je ne peut pas vous dire ce que j'ai mais le probleme est que dans "Mes documents" et "Programme files" j'ai des milliers de fichier Temp que je ne peut pas supprimer

J'ai essayer de les supprimer en mode sans echec mais lorsque je le demarre je n'ai qu'un ecran noir et mon bureau ne veut pas s'afficher :x.

Quelqu'un peut-il m'aider ?

-->Message édité par niKsy le 29/12/2007 22:24:43<--

répondre

Hageaxx le 25 décembre 2007 à 03h10

Bonsoir,

Télécharge HijackThis, renommes-le scanner.exe et place-le dans un répertoire dans les Programs Files!
Clique sur "Do a system scan and save a log file", le scan va durer environ 20 sec puis le bloc notes va s'ouvrir.
Copie/colle son contenu ici.

répondre

niKsy le 25 décembre 2007 à 03h21

Voili Voilou

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:20:37, on 25/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\jsfoikqu.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Soft4Ever\looknstop\_looknstop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\StorageProtector\strpmon.exe
C:\WINDOWS\system32\wzssvc.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\windows
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ultimate Edition 2.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S8D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Windows Logical Driver] wzssvc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [a08f4f6d] rundll32.exe "C:\WINDOWS\system32\rtpwfgfb.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\jsfoikqu.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6155 bytes

répondre

Hageaxx le 25 décembre 2007 à 03h51

Bonsoir,

________________

1/ Relance HijackThis, coche ces lignes puis clique sur "Fix Checked" et referme HijackThis :

O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [a08f4f6d] rundll32.exe "C:\WINDOWS\system32\rtpwfgfb.dll",b

______________________________________________________________

2/ < inclued picture >

Télécharge la version d'évaluation AVG Anti-Spyware 7.5 ici :

http://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches(...)

et installe-le.

Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci

Ouvre AVG Anti-Spyware et clic sur l'onglet Analyse, puis le sous-onglet Paramètres

Sélectionne dans Comment Réagir ? Quarantine. (voir l'aide l'aide AVG Anti-Spyware)

Reviens au sous-onglet Analyser puis clique sur Analyse complète du système.
---> Le scan démarre.

A la fin clique sur Appliquer toutes les actions, les éléments doivent alors être déplacés en quarantaine.
Puis clique sur Enregistrer le rapport d'analyse et enregistre le rapport sur le Bureau.

Post moi ensuite ce rapport dans ton prochain message !

___________

Bonne nuit. :hello:

répondre

niKsy le 25 décembre 2007 à 03h56

Juste avant que tu parte je voulais te dire que je n'arrive pas aller dans le mode sans echec :x, il demarre normalement, j'ai les pti msg mode sans echec dans les coins mai je ne voit pas le bureau, il ne veut pas s'afficher, ni les icones, ni le menu demmarer :x

répondre

Hageaxx le 25 décembre 2007 à 03h58

Fais-le en mode normal alors. :super:

répondre

niKsy le 25 décembre 2007 à 04h09

Je suis en train de scanner je te post le rapport juste aprés

Joyeux Noël et mercie de ton aide

répondre

niKsy le 25 décembre 2007 à 05h41

Et Hop! =)

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 05:40:19 25/12/2007

+ Résultat de l'analyse:

C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\image25.zip/image25-www.photobucket.com -> Backdoor.IRCBot.ans : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\qvqg.exe -> Proxy.Ranky.gn : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@pinnaclesystems.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@ads.adengage[2].txt -> TrackingCookie.Adengage : Nettoyé.
:mozilla.62:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.63:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.64:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.72:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.24:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.27:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.28:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.29:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.30:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.32:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.34:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.35:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.36:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.43:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.44:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.47:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.13:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.23:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@france.real[1].txt -> TrackingCookie.Real : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@real[1].txt -> TrackingCookie.Real : Nettoyé.
:mozilla.52:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.55:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.56:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.57:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.58:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.59:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.67:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.14:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.15:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.16:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.17:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.12:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.6:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.37:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.38:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.39:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.40:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.41:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.42:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b5rzngzr.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
[896] C:\WINDOWS\system32\jsfoikqu.exe -> Trojan.Agent.aoy : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur\Local Settings\Temp\imageNew.zip/image00127.jpg-www.myphotoalbum.com -> Trojan.Agent.dcb : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wzssvc.exe -> Trojan.Agent.dcb : Nettoyé et sauvegardé (mise en quarantaine).

Fin du rapport

répondre

Hageaxx le 25 décembre 2007 à 12h15

Bonjour,

Fais un scan Panda (Nano Scan) de ton disque dur en utilisant Internet Explorer (Pas avec Firefox ni Firebird)!

http://www.pandasoftware.fr/activescan/activescan.html

Accepte l'Active X du site si nécessaire et désactive ton antivirus le temps du scan.

S'il détecte quelque chose, fais le Total Scan.

répondre

niKsy le 26 décembre 2007 à 19h29

Bon j'ai fait le scan avec panda et j'ai trouver + 170 fichier/trojan etc... mais lorsque je veux désinfecter il me demandent d'achter l'antivirus :s si je veux désinfecter :x

répondre

Hageaxx le 26 décembre 2007 à 19h55

Bonsoir,

Poste son rapport.

répondre

niKsy le 28 décembre 2007 à 01h10

Bonsoir,

J'ai refait le scan et bizzarement il n'a rien detecter ce soir :x

Félicitations !
Aucun virus, logiciel espion, cheval de Troie ou aucune autre menace ACTIVE ou LATENTE n'a été détecté(e) sur votre PC.
Nous avons détecté que avast! antivirus 4.7.1098 [VPS 071227-0] est désactivé(e).
El texto que corresponda en cada momento
Après l'analyse rapide de votre PC, aucun logiciel malveillant ACTIF ou LATENT n'a été détecté.

alors que hier soir j'ai reussi à me connecter en mode sans echec, j'ai fait un scan de avg anti-spyware qui a detecter plusieurs cookies tracking qu'il a supprimer, et j'ai supprimer les fichier .tmp que j'avait ( 15 milles a peu prés ) mais en me reconectant en mode normal les fichiers on commencer a se re-creer :s

répondre

niKsy le 28 décembre 2007 à 01h14

Le nom de la fenetre du message d'erreur est :

Important - Potencial errors found in the system

et la fenetre dit :

During a scan of files at system startup, potential errors in the system registry were found.
p-07-0100 irql: 1f SYSVER 0xff00024
NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED

voili voilou

répondre

naheulbeuk le 28 décembre 2007 à 20h18

bonsoir,

Télécharge ComboFix (créé par sUBs) sur ton Bureau

Démarre en mode sans échec : http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)

Double clique combofix.exe.

Tape sur la touche Y (Yes) pour démarrer le scan.

ComboFix redémarrera ton PC

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse,et nouveau rapport hijackthis

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/

répondre

niKsy le 28 décembre 2007 à 22h37

Bonsoir à toi et merci de ton aide :);

Voila le rapport de ComboFix :

ComboFix 07-12-21.4 - Administrateur 2007-12-28 22:06:51.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.329 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Application Data\setup_en[1].exe
C:\Documents and Settings\Administrateur\Application Data\setup_en[2].exe
C:\Documents and Settings\Administrateur\Application Data\storageprotector
C:\Documents and Settings\Administrateur\Application Data\storageprotector\Logs\update.log
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aakqnkcg.exe
C:\WINDOWS\system32\abktikiu.exe
C:\WINDOWS\system32\aeiyrrsc.exe
C:\WINDOWS\system32\aflmchva.dll
C:\WINDOWS\system32\ahalwamn.exe
C:\WINDOWS\system32\atpmhbto.dll
C:\WINDOWS\system32\avhbbiqu.exe
C:\WINDOWS\system32\avqhwtfh.dll
C:\WINDOWS\system32\awtqpon.dll
C:\WINDOWS\system32\awtqrqp.dll
C:\WINDOWS\system32\awtstut.dll
C:\WINDOWS\system32\awttqrq.dll
C:\WINDOWS\system32\awttrss.dll
C:\WINDOWS\system32\bauapbvy.exe
C:\WINDOWS\system32\bbctnmhj.ini
C:\WINDOWS\system32\bcaowdal.exe
C:\WINDOWS\system32\bcpfspsr.dll
C:\WINDOWS\system32\bdkrkvnf.ini
C:\WINDOWS\system32\bfaaplnq.exe
C:\WINDOWS\system32\bfgfwptr.ini
C:\WINDOWS\system32\bfjukhcm.dll
C:\WINDOWS\system32\bnaortys.ini
C:\WINDOWS\system32\bobjuhwp.dll
C:\WINDOWS\system32\btowatwe.dll
C:\WINDOWS\system32\byxutts.dll
C:\WINDOWS\system32\byxvtrr.dll
C:\WINDOWS\system32\byxxvvt.dll
C:\WINDOWS\system32\byxxwvs.dll
C:\WINDOWS\system32\cbxusqp.dll
C:\WINDOWS\system32\cbxvtrp.dll
C:\WINDOWS\system32\cbxwuss.dll
C:\WINDOWS\system32\cbxwxwv.dll
C:\WINDOWS\system32\cexyvwie.exe
C:\WINDOWS\system32\cffpdmuj.dll
C:\WINDOWS\system32\cnuwfhwy.ini
C:\WINDOWS\system32\cqhbfdwt.dll
C:\WINDOWS\system32\cvewoedt.dll
C:\WINDOWS\system32\cyxhbmvd.ini
C:\WINDOWS\system32\dachnoeq.dll
C:\WINDOWS\system32\daruvglu.ini
C:\WINDOWS\system32\dbctvyhw.dll
C:\WINDOWS\system32\dbyrliqj.exe
C:\WINDOWS\system32\debxplbc.dll
C:\WINDOWS\system32\dfqeuoqh.dll
C:\WINDOWS\system32\dfqrqcda.dll
C:\WINDOWS\system32\dhjqyoxs.dll
C:\WINDOWS\system32\dhvoxbdm.dll
C:\WINDOWS\system32\dkeuslwc.dll
C:\WINDOWS\system32\dkxumwgv.exe
C:\WINDOWS\system32\dnesjkps.dll
C:\WINDOWS\system32\dsoiqtgw.dll
C:\WINDOWS\system32\duceunoa.dll
C:\WINDOWS\system32\dvmbhxyc.dll
C:\WINDOWS\system32\dxfoovyl.dll
C:\WINDOWS\system32\dyyxwsto.exe
C:\WINDOWS\system32\ebmktbqs.dll
C:\WINDOWS\system32\eefddskp.dll
C:\WINDOWS\system32\eewqoula.dll
C:\WINDOWS\system32\efcdbyw.dll
C:\WINDOWS\system32\ehqolulv.ini
C:\WINDOWS\system32\ejnylucn.dll
C:\WINDOWS\system32\erersgjn.dll
C:\WINDOWS\system32\ewnboklq.exe
C:\WINDOWS\system32\exmhfwfm.dll
C:\WINDOWS\system32\exowatmf.dll
C:\WINDOWS\system32\fccabxu.dll
C:\WINDOWS\system32\fccawxx.dll
C:\WINDOWS\system32\fccbcde.dll
C:\WINDOWS\system32\fccdaxu.dll
C:\WINDOWS\system32\fecupejb.exe
C:\WINDOWS\system32\fhhjfkww.ini
C:\WINDOWS\system32\fjohleri.dll
C:\WINDOWS\system32\fkwlvtum.exe
C:\WINDOWS\system32\fmrengce.dll
C:\WINDOWS\system32\fnvkrkdb.dll
C:\WINDOWS\system32\fppvnqxv.exe
C:\WINDOWS\system32\fqlcumav.exe
C:\WINDOWS\system32\fqnbcpci.dll
C:\WINDOWS\system32\fuwegxpv.dll
C:\WINDOWS\system32\fytebvwc.dll
C:\WINDOWS\system32\gcpauyqx.dll
C:\WINDOWS\system32\gebbaya.dll
C:\WINDOWS\system32\gebcbxv.dll
C:\WINDOWS\system32\gebxwxw.dll
C:\WINDOWS\system32\gebxywt.dll
C:\WINDOWS\system32\ghetacdm.dll
C:\WINDOWS\system32\gjkmp.bak1
C:\WINDOWS\system32\gjkmp.bak2
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.ini2
C:\WINDOWS\system32\gjkmp.tmp
C:\WINDOWS\system32\glqgqrvh.dll
C:\WINDOWS\system32\gnuoyprq.dll
C:\WINDOWS\system32\goyolaij.exe
C:\WINDOWS\system32\hdygbbtt.exe
C:\WINDOWS\system32\hftwhqva.ini
C:\WINDOWS\system32\hgedqvlh.dll
C:\WINDOWS\system32\hgghecc.dll
C:\WINDOWS\system32\hgghhfe.dll
C:\WINDOWS\system32\hglwgrts.exe
C:\WINDOWS\system32\hkrgfwgc.exe
C:\WINDOWS\system32\hqnmnrmq.exe
C:\WINDOWS\system32\hrkgyjbg.exe
C:\WINDOWS\system32\hshmclwi.exe
C:\WINDOWS\system32\hucmuhon.ini
C:\WINDOWS\system32\hwsxcbqm.exe
C:\WINDOWS\system32\hwvvjkhp.exe
C:\WINDOWS\system32\hyygbluq.dll
C:\WINDOWS\system32\ibfxcqmo.exe
C:\WINDOWS\system32\ibmwbbgi.exe
C:\WINDOWS\system32\iifcaby.dll
C:\WINDOWS\system32\iifcdcd.dll
C:\WINDOWS\system32\iifddec.dll
C:\WINDOWS\system32\iifghed.dll
C:\WINDOWS\system32\irelhojf.ini
C:\WINDOWS\system32\isuavgnp.exe
C:\WINDOWS\system32\isvsrqyu.exe
C:\WINDOWS\system32\ixptoidg.exe
C:\WINDOWS\system32\iyxxaupb.dll
C:\WINDOWS\system32\jbltrvvq.dll
C:\WINDOWS\system32\jhmntcbb.dll
C:\WINDOWS\system32\jhvmtyqk.exe
C:\WINDOWS\system32\jkkhggg.dll
C:\WINDOWS\system32\jkkkife.dll
C:\WINDOWS\system32\jlmbluot.dll
C:\WINDOWS\system32\jmvemixc.exe
C:\WINDOWS\system32\jpenqaqj.dll
C:\WINDOWS\system32\jrhcxejv.dll
C:\WINDOWS\system32\jumdpffc.ini
C:\WINDOWS\system32\jvkxqvkt.exe
C:\WINDOWS\system32\khfebyw.dll
C:\WINDOWS\system32\knowldfc.exe
C:\WINDOWS\system32\krxnmqvm.dll
C:\WINDOWS\system32\kthhwjjg.exe
C:\WINDOWS\system32\kvxvupfm.dll
C:\WINDOWS\system32\kwkmglqb.dll
C:\WINDOWS\system32\kxidpgoy.exe
C:\WINDOWS\system32\layflnus.exe
C:\WINDOWS\system32\lbinaufm.ini
C:\WINDOWS\system32\lbjjosio.exe
C:\WINDOWS\system32\lgrjhhyf.dll
C:\WINDOWS\system32\liwbdhdq.ini
C:\WINDOWS\system32\ljjigdb.dll
C:\WINDOWS\system32\ljjjhgf.dll
C:\WINDOWS\system32\lpeunwca.exe
C:\WINDOWS\system32\lvkwhmfr.dll
C:\WINDOWS\system32\lwtnntxy.dll
C:\WINDOWS\system32\mdcatehg.ini
C:\WINDOWS\system32\mdmehhef.exe
C:\WINDOWS\system32\mfjqdpoe.dll
C:\WINDOWS\system32\mfpuvxvk.ini
C:\WINDOWS\system32\mfuanibl.dll
C:\WINDOWS\system32\mfwfhmxe.ini
C:\WINDOWS\system32\mhcqckmb.exe
C:\WINDOWS\system32\mhgbuhpv.ini
C:\WINDOWS\system32\mhxwcixo.dll
C:\WINDOWS\system32\mljhghe.dll
C:\WINDOWS\system32\mljhhig.dll
C:\WINDOWS\system32\mljighi.dll
C:\WINDOWS\system32\mljjhhg.dll
C:\WINDOWS\system32\mnsankjl.exe
C:\WINDOWS\system32\mpugtnok.dll
C:\WINDOWS\system32\mweumjkb.dll
C:\WINDOWS\system32\mxkgenqk.exe
C:\WINDOWS\system32\mxlbeahy.dll
C:\WINDOWS\system32\myfdmpij.exe
C:\WINDOWS\system32\nculynje.ini
C:\WINDOWS\system32\nhkdjmgm.exe
C:\WINDOWS\system32\njstuwot.exe
C:\WINDOWS\system32\nmbhvysb.exe
C:\WINDOWS\system32\nmwlylts.exe
C:\WINDOWS\system32\nnnmjkk.dll
C:\WINDOWS\system32\nohumcuh.dll
C:\WINDOWS\system32\npccicim.exe
C:\WINDOWS\system32\nqlsngxp.dll
C:\WINDOWS\system32\nuceiedc.dll
C:\WINDOWS\system32\nugqvhww.dll
C:\WINDOWS\system32\octhbnhw.dll
C:\WINDOWS\system32\ofefenww.dll
C:\WINDOWS\system32\olcrfghf.dll
C:\WINDOWS\system32\olxikhpo.ini
C:\WINDOWS\system32\omfxuvnd.exe
C:\WINDOWS\system32\ophkixlo.dll
C:\WINDOWS\system32\opnmjih.dll
C:\WINDOWS\system32\opnmljh.dll
C:\WINDOWS\system32\opnnlmn.dll
C:\WINDOWS\system32\oshmymjv.dll
C:\WINDOWS\system32\oshposho.dll
C:\WINDOWS\system32\osuvbxck.exe
C:\WINDOWS\system32\otbhmpta.ini
C:\WINDOWS\system32\otigxjuq.dll
C:\WINDOWS\system32\otknmrdm.exe
C:\WINDOWS\system32\owrdytrf.dll
C:\WINDOWS\system32\oxiimvli.dll
C:\WINDOWS\system32\oywxcobs.dll
C:\WINDOWS\system32\piigkbup.dll
C:\WINDOWS\system32\pksddfee.ini
C:\WINDOWS\system32\plvubssv.exe
C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmnkiii.dll
C:\WINDOWS\system32\pmnmjgg.dll
C:\WINDOWS\system32\ppfeufrh.dll
C:\WINDOWS\system32\pphuwope.exe
C:\WINDOWS\system32\prqsqqhb.exe
C:\WINDOWS\system32\prtihgpd.exe
C:\WINDOWS\system32\ptyymufo.exe
C:\WINDOWS\system32\pvpgejkq.exe
C:\WINDOWS\system32\pyeydciw.exe
C:\WINDOWS\system32\pygoolek.dll
C:\WINDOWS\system32\pyiifexv.exe
C:\WINDOWS\system32\pyssfrju.dll
C:\WINDOWS\system32\qbtkjupu.exe
C:\WINDOWS\system32\qdhdbwil.dll
C:\WINDOWS\system32\qenbheoo.dll
C:\WINDOWS\system32\qkgudkqx.dll
C:\WINDOWS\system32\qnnsweck.exe
C:\WINDOWS\system32\qomjiji.dll
C:\WINDOWS\system32\qomkiij.dll
C:\WINDOWS\system32\qomlmlm.dll
C:\WINDOWS\system32\qrdsxbid.exe
C:\WINDOWS\system32\qrpyoung.ini
C:\WINDOWS\system32\qujxgito.ini
C:\WINDOWS\system32\qvrabqna.dll
C:\WINDOWS\system32\rblutirw.dll
C:\WINDOWS\system32\rdtrtgfb.dll
C:\WINDOWS\system32\rnejeagl.dll
C:\WINDOWS\system32\rnrnfwvd.dll
C:\WINDOWS\system32\rqrrstr.dll
C:\WINDOWS\system32\rqrsrrs.dll
C:\WINDOWS\system32\rtltctbq.exe
C:\WINDOWS\system32\rtpwfgfb.dll
C:\WINDOWS\system32\scaaqihx.exe
C:\WINDOWS\system32\scucppev.dll
C:\WINDOWS\system32\shoffvec.dll
C:\WINDOWS\system32\snoybrvv.ini
C:\WINDOWS\system32\souqnvpv.dll
C:\WINDOWS\system32\spkjsend.ini
C:\WINDOWS\system32\sqbtkmbe.ini
C:\WINDOWS\system32\sqkuxyor.exe
C:\WINDOWS\system32\ssqqnmj.dll
C:\WINDOWS\system32\svrhixnv.dll
C:\WINDOWS\system32\sxnfshpx.dll
C:\WINDOWS\system32\sxoyqjhd.ini
C:\WINDOWS\system32\sytroanb.dll
C:\WINDOWS\system32\sywvafgw.dll
C:\WINDOWS\system32\tklfljca.exe
C:\WINDOWS\system32\tosidmeb.exe
C:\WINDOWS\system32\tuvsqnl.dll
C:\WINDOWS\system32\twtayykx.ini
C:\WINDOWS\system32\uhavohyh.dll
C:\WINDOWS\system32\ujsumqvv.exe
C:\WINDOWS\system32\ulgvurad.dll
C:\WINDOWS\system32\uomvbpqp.dll
C:\WINDOWS\system32\uqnitxgs.exe
C:\WINDOWS\system32\urbayoyt.exe
C:\WINDOWS\system32\urqqrqo.dll
C:\WINDOWS\system32\uuliibvj.exe
C:\WINDOWS\system32\uvpkgqdx.exe
C:\WINDOWS\system32\uwvydrji.exe
C:\WINDOWS\system32\vkomyink.exe
C:\WINDOWS\system32\vluloqhe.dll
C:\WINDOWS\system32\vmpuqujy.exe
C:\WINDOWS\system32\vphubghm.dll
C:\WINDOWS\system32\vpowqade.exe
C:\WINDOWS\system32\vrgffmxm.exe
C:\WINDOWS\system32\vswrlggn.exe
C:\WINDOWS\system32\vtuusqo.dll
C:\WINDOWS\system32\vvbuggbu.dll
C:\WINDOWS\system32\vvrbyons.dll
C:\WINDOWS\system32\weaneqlc.dll
C:\WINDOWS\system32\wefqilhe.dll
C:\WINDOWS\system32\whyvtcbd.ini
C:\WINDOWS\system32\wocycsxx.dll
C:\WINDOWS\system32\wsfpumgd.dll
C:\WINDOWS\system32\wvuspmj.dll
C:\WINDOWS\system32\wvusrrp.dll
C:\WINDOWS\system32\wvuuvsr.dll
C:\WINDOWS\system32\wvuvvwu.dll
C:\WINDOWS\system32\wwkfjhhf.dll
C:\WINDOWS\system32\xfecbfqf.dll
C:\WINDOWS\system32\xkyyatwt.dll
C:\WINDOWS\system32\xlovqfcy.dll
C:\WINDOWS\system32\xnypjtlp.dll
C:\WINDOWS\system32\xtalcddt.exe
C:\WINDOWS\system32\xvwbldoj.dll
C:\WINDOWS\system32\xxyabya.dll
C:\WINDOWS\system32\xxyaxuu.dll
C:\WINDOWS\system32\xxywuut.dll
C:\WINDOWS\system32\xxywuuu.dll
C:\WINDOWS\system32\xxywvtr.dll
C:\WINDOWS\system32\xxyxvtu.dll
C:\WINDOWS\system32\xxyxyyw.dll
C:\WINDOWS\system32\yayabbb.dll
C:\WINDOWS\system32\yayayvv.dll
C:\WINDOWS\system32\yayxuur.dll
C:\WINDOWS\system32\yayyvvs.dll
C:\WINDOWS\system32\ycfqvolx.ini
C:\WINDOWS\system32\ydmbpfcx.dllbox
C:\WINDOWS\system32\yedcgbuu.exe
C:\WINDOWS\system32\yesfrqrq.dll
C:\WINDOWS\system32\yhemwpak.exe
C:\WINDOWS\system32\ykhlskch.dll
C:\WINDOWS\system32\yuhbbohy.dll
C:\WINDOWS\system32\ywhfwunc.dll
C:\WINDOWS\system32\yxkdwvkc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))))))))
.

2007-12-28 21:49 . 2007-12-28 21:49 14,033 --a------ C:\posF9F.tmp
2007-12-28 21:48 . 2007-12-28 21:48 14,033 --a------ C:\posE9F.tmp
2007-12-28 21:23 . 2007-12-28 21:24 14,033 --a------ C:\posDA4.tmp
2007-12-28 18:22 . 2007-12-28 21:24 1,031,199 ---hs---- C:\WINDOWS\system32\yctxumgv.ini
2007-12-28 18:16 . 2007-12-28 18:16 14,033 --a------ C:\posAE3.tmp
2007-12-28 15:38 . 2007-12-28 15:38 14,033 --a------ C:\pos9B7.tmp
2007-12-28 15:37 . 2007-12-28 15:38 14,033 --a------ C:\pos81C.tmp
2007-12-28 02:54 . 2007-12-28 21:43 7,168 --a------ C:\WINDOWS\system32\windows
2007-12-28 01:51 . 2007-12-28 01:51 14,033 --a------ C:\pos714.tmp
2007-12-28 00:49 . 2007-12-28 00:49 14,033 --a------ C:\pos5CB.tmp
2007-12-28 00:48 . 2007-12-28 00:48 14,033 --a------ C:\pos483.tmp
2007-12-27 17:00 . 2007-12-27 17:00 14,033 --a------ C:\pos3E8.tmp
2007-12-27 15:42 . 2007-12-27 17:03 1,031,439 ---hs---- C:\WINDOWS\system32\krmtwdyi.ini
2007-12-27 15:33 . 2007-12-27 15:34 14,033 --a------ C:\posD7.tmp
2007-12-27 12:02 . 2007-12-27 15:34 1,027,076 ---hs---- C:\WINDOWS\system32\dlbiisgf.ini
2007-12-27 03:45 . 2007-12-27 11:58 1,027,582 ---hs---- C:\WINDOWS\system32\uegtcrvl.ini
2007-12-26 16:57 . 2007-12-26 18:10 1,027,582 ---hs---- C:\WINDOWS\system32\rqaaslwo.ini
2007-12-25 15:22 . 2007-12-25 15:30 294 ---hs---- C:\WINDOWS\system32\ggpbuonb.ini
2007-12-25 12:41 . 2007-12-25 12:41 <REP> d-------- C:\Program Files\Panda Security
2007-12-25 12:33 . 2007-12-25 13:14 1,012,586 ---hs---- C:\WINDOWS\system32\tapelbex.ini
2007-12-25 06:01 . 2007-12-25 06:52 1,009,966 ---hs---- C:\WINDOWS\system32\taukdype.ini
2007-12-25 04:04 . 2007-12-25 04:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-12-25 04:03 . 2007-12-25 04:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-25 04:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-25 03:19 . 2007-12-25 03:19 <REP> d-------- C:\Program Files\Trend Micro
2007-12-25 01:55 . 2007-12-25 01:55 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-25 01:54 . 2007-12-25 01:54 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2007-12-25 01:22 . 2007-12-25 02:07 1,009,966 ---hs---- C:\WINDOWS\system32\exniaeln.ini
2007-12-24 23:29 . 2007-12-25 00:07 1,010,686 ---hs---- C:\WINDOWS\system32\rybbifnw.ini
2007-12-24 22:58 . 2007-12-24 23:26 1,010,566 ---hs---- C:\WINDOWS\system32\wrbdbfgf.ini
2007-12-24 22:38 . 2007-12-25 01:50 <REP> d-------- C:\Program Files\Free Window Registry Repair
2007-12-24 22:36 . 2007-12-24 22:56 1,010,446 ---hs---- C:\WINDOWS\system32\dbckiyuq.ini
2007-12-24 22:01 . 2007-12-24 22:31 1,010,326 ---hs---- C:\WINDOWS\system32\gtahtkeg.ini
2007-12-24 21:54 . 2007-12-24 21:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
2007-12-24 21:53 . 2007-12-25 01:50 <REP> d-------- C:\Program Files\Registry Repair
2007-12-24 21:39 . 2007-12-24 21:58 1,010,206 ---hs---- C:\WINDOWS\system32\yssfomtm.ini
2007-12-24 20:49 . 2007-12-24 21:39 1,010,086 ---hs---- C:\WINDOWS\system32\nwbmecei.ini
2007-12-24 20:24 . 2006-06-02 20:32 33,792 --------- C:\WINDOWS\system32\DllCache\custsat.dll
2007-12-24 20:19 . 2007-12-25 01:51 <REP> d-------- C:\ea2436970a04260a6d6c32
2007-12-24 20:15 . 2007-12-24 20:44 1,009,966 ---hs---- C:\WINDOWS\system32\pjpbewyj.ini
2007-12-24 03:51 . 2007-12-24 03:51 <REP> d-------- C:\Program Files\MSXML 6.0
2007-12-24 03:33 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS\system32\DllCache\fltmgr.sys
2007-12-24 03:33 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS\system32\DllCache\fltmc.exe
2007-12-24 03:33 . 2006-08-21 13:26 16,896 --------- C:\WINDOWS\system32\DllCache\fltlib.dll
2007-12-24 03:27 . 2007-12-24 18:59 992,130 ---hs---- C:\WINDOWS\system32\hvkwpbpk.ini
2007-12-23 20:03 . 2004-08-04 01:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-23 19:36 . 2007-12-24 03:22 992,010 ---hs---- C:\WINDOWS\system32\awmrbbqi.ini
2007-12-23 18:45 . 2007-12-23 19:33 991,890 ---hs---- C:\WINDOWS\system32\vpkpydhc.ini
2007-12-23 18:13 . 2007-12-23 18:40 991,770 ---hs---- C:\WINDOWS\system32\bphhvsbb.ini
2007-12-23 17:48 . 2007-12-23 18:11 991,650 ---hs---- C:\WINDOWS\system32\hhcnyots.ini
2007-12-23 17:14 . 2007-12-23 17:43 991,530 ---hs---- C:\WINDOWS\system32\vrsmyqbn.ini
2007-12-23 16:44 . 2007-12-23 17:12 991,410 ---hs---- C:\WINDOWS\system32\bgukbtsw.ini
2007-12-23 15:39 . 2007-12-23 16:37 991,290 ---hs---- C:\WINDOWS\system32\xuudsxya.ini
2007-12-23 15:13 . 2007-12-23 15:34 991,170 ---hs---- C:\WINDOWS\system32\ayjybtrq.ini
2007-12-23 03:54 . 2007-12-23 15:05 991,050 ---hs---- C:\WINDOWS\system32\xiqbgxxu.ini
2007-12-23 03:22 . 2007-12-23 03:47 990,930 ---hs---- C:\WINDOWS\system32\gbvvvrkm.ini
2007-12-23 02:12 . 2007-12-23 03:17 990,810 ---hs---- C:\WINDOWS\system32\finwqakw.ini
2007-12-23 01:57 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-23 01:57 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-23 01:57 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-22 18:28 . 2007-12-25 02:46 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-21 14:56 . 2007-12-21 15:58 987,454 ---hs---- C:\WINDOWS\system32\uduhpnuc.ini
2007-12-21 00:27 . 2007-12-21 11:09 987,514 ---hs---- C:\WINDOWS\system32\vojcmlyc.ini
2007-12-21 00:18 . 2007-12-21 00:18 165,472 --a------ C:\WINDOWS\system32\ydmbpfcx.dll
2007-12-21 00:18 . 2007-12-21 00:18 165,472 --a------ C:\WINDOWS\system32\scwcdkwr.dll
2007-12-19 15:28 . 2007-12-20 15:28 988,421 ---hs---- C:\WINDOWS\system32\jijgefec.ini
2007-12-18 22:46 . 2007-12-19 15:19 986,574 ---hs---- C:\WINDOWS\system32\fuxwuyuu.ini
2007-12-18 20:46 . 2007-12-18 20:46 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-12-18 13:33 . 2007-12-18 22:35 980,214 ---hs---- C:\WINDOWS\system32\hivxsubo.ini
2007-12-17 13:30 . 2007-12-18 13:31 970,674 ---hs---- C:\WINDOWS\system32\rgeiddbo.ini
2007-12-16 22:02 . 2007-12-16 22:01 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-16 22:01 . 2007-12-16 22:03 <REP> d-------- C:\Documents and Settings\Administrateur\.housecall6.6
2007-12-16 18:18 . 2007-12-17 13:27 970,614 ---hs---- C:\WINDOWS\system32\vgtcpjok.ini
2007-12-16 17:14 . 2007-12-16 18:10 970,494 ---hs---- C:\WINDOWS\system32\rdahrgbb.ini
2007-12-16 14:55 . 2007-12-16 14:55 <REP> d-------- C:\Program Files\Google
2007-12-16 13:29 . 2007-12-16 17:12 970,374 ---hs---- C:\WINDOWS\system32\xfdxpegv.ini
2007-12-16 13:09 . 2007-12-16 13:09 6,272 --a------ C:\WINDOWS\system32\keaocmxa.exe
2007-12-16 13:09 . 2007-12-16 13:10 131 --a------ C:\WINDOWS\ODBC.INI
2007-12-16 12:40 . 2007-12-16 12:40 <REP> d-------- C:\Program Files\Alwil Software
2007-12-16 12:40 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-16 12:40 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-16 12:40 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-12-16 12:40 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-16 12:40 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-16 12:40 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-16 12:40 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-16 12:40 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-16 12:37 . 2007-12-16 12:37 6,272 --a------ C:\WINDOWS\system32\ntftr.exe
2007-12-16 04:32 . 2007-12-16 12:37 970,743 ---hs---- C:\WINDOWS\system32\verrnkyg.ini
2007-12-16 04:26 . 2007-12-16 04:26 6,272 --a------ C:\WINDOWS\system32\oagiub.exe
2007-12-16 04:06 . 2007-12-16 04:06 6,272 --a------ C:\WINDOWS\system32\colwcmiq.exe
2007-12-16 00:13 . 2007-12-16 04:26 970,614 ---hs---- C:\WINDOWS\system32\qgaghylt.ini
2007-12-16 00:08 . 2007-12-16 00:08 6,272 --a------ C:\WINDOWS\system32\szklor.exe
2007-12-15 23:47 . 2007-12-15 23:47 6,272 --a------ C:\WINDOWS\system32\oqbnax.exe
2007-12-15 18:40 . 2007-12-16 00:08 970,494 ---hs---- C:\WINDOWS\system32\toqvrwjc.ini
2007-12-15 13:58 . 2007-12-15 18:38 956,696 ---hs---- C:\WINDOWS\system32\jlvgchtn.ini
2007-12-15 02:07 . 2007-12-15 13:32 950,009 ---hs---- C:\WINDOWS\system32\trtgbbci.ini
2007-12-14 12:06 . 2007-12-14 12:06 61,440 --------- C:\WINDOWS\system32\xdkm.exe
2007-12-14 11:37 . 2007-12-15 02:04 935,288 ---hs---- C:\WINDOWS\system32\mjlwagen.ini
2007-12-14 00:42 . 2007-12-14 00:42 61,440 --------- C:\WINDOWS\system32\lsqke.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 23:51 --------- d-----w C:\Program Files\Winamp Remote
2007-12-25 02:19 --------- d-----w C:\Program Files\Conquer 2.0
2007-12-25 00:55 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-25 00:50 --------- d-----w C:\Program Files\QuickTime
2007-12-25 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-24 21:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 03:25 --------- d-----w C:\Program Files\eMule
2007-12-16 13:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 21:39 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2007-12-10 20:47 --------- d-----w C:\Program Files\Windows Live
2007-12-03 21:39 --------- d-----w C:\Program Files\Pinnacle
2007-12-01 14:24 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Winamp
2007-11-30 10:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM
2007-11-26 16:38 --------- d-----w C:\Program Files\BatchDPG
2007-11-24 21:39 229,057 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_7734.exe
2007-11-24 21:39 --------- d-----w C:\Program Files\Alcohol Toolbar
2007-11-24 21:39 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-24 19:42 --------- d-----w C:\Program Files\Winamp
2007-11-24 11:16 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-20 17:44 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-20 14:26 --------- d-----w C:\Program Files\Java
2007-11-20 14:25 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-20 14:20 --------- d-----w C:\Program Files\DLDIrc
2007-11-16 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-11-16 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-11-16 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-11-16 13:09 --------- d-----w C:\Program Files\SmartSound Software
2007-11-16 13:07 --------- d-----w C:\Program Files\DivX
2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\DllCache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 21:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ventrilo
2007-11-12 21:25 --------- d-----w C:\Program Files\Ventrilo
2007-11-12 21:25 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-07 20:33 --------- d-----w C:\Program Files\MSBuild
2007-11-07 20:23 --------- d-----w C:\Program Files\Reference Assemblies
2007-11-07 16:17 --------- d-----w C:\Program Files\PhotoFiltre
2007-11-05 21:05 --------- d-----w C:\Program Files\Virtualdub
2007-11-05 03:11 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2007-11-04 21:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-04 21:36 --------- d-----w C:\Program Files\SLD Codec Pack
2007-11-04 15:57 --------- d-----w C:\Program Files\uTorrent
2007-10-30 10:18 3,079,680 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\DllCache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\DllCache\shell32.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ------w C:\WINDOWS\system32\DllCache\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 06:13 96,768 ------w C:\WINDOWS\system32\DllCache\inseng.dll
2007-10-11 06:13 663,552 ------w C:\WINDOWS\system32\DllCache\wininet.dll
2007-10-11 06:13 617,472 ------w C:\WINDOWS\system32\DllCache\urlmon.dll
2007-10-11 06:13 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll
2007-10-11 06:13 532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll
2007-10-11 06:13 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
2007-10-11 06:13 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll
2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll
2007-10-11 06:13 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll
2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\DllCache\iepeers.dll
2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll
2007-10-11 06:13 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll
2007-10-11 06:13 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll
2007-10-11 06:13 1,495,040 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
2007-10-11 06:13 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll
2007-10-11 06:13 1,024,000 ------w C:\WINDOWS\system32\DllCache\browseui.dll
2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
2007-09-29 13:55 107,134 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-21 00:18 165472 --a------ C:\WINDOWS\system32\ydmbpfcx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-11-30 11:34]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-23 01:47]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2004-06-04 09:49]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:55 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:55 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-23 03:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ydmbpfcx]
ydmbpfcx.dll 2007-12-21 00:18 165472 C:\WINDOWS\system32\ydmbpfcx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-05-28 19:01]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-22 22:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 22:28:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ydmbpfcx.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ydmbpfcx.dll
.
Completion time: 2007-12-28 22:33:32 - machine was rebooted
.
2007-12-24 19:47:04 --- E O F ---

et le nouveau HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Soft4Ever\looknstop\_looknstop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ydmbpfcx.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O20 - Winlogon Notify: ydmbpfcx - C:\WINDOWS\SYSTEM32\ydmbpfcx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6547 bytes

Et merci encor de ton aide =)

répondre

naheulbeuk le 29 décembre 2007 à 10h17

bonjour,

1/ Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
Double-clique VundoFix.exe afin de le lancer.
Clique sur le bouton "Scan for Vundo"
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt dans ta prochaine réponse.

2/ Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau
dans ta prochaine réponse avec un nouveau rapport HijackThis.

Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.

bonne journée :super:

-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/

répondre

niKsy le 29 décembre 2007 à 14h11

Salut à toi =)

Voila le rapport de Vundo :

VundoFix V6.7.7

Checking Java version...

Scan started at 12:37:09 29/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\abwv.exe
C:\WINDOWS\system32\beigfapt.exe
C:\WINDOWS\system32\bngyd.exe
C:\WINDOWS\system32\hhvus.exe
C:\WINDOWS\system32\ifhkmrep.exe
C:\WINDOWS\system32\igmessd.exe
C:\WINDOWS\system32\jwcam.exe
C:\WINDOWS\system32\lsqke.exe
C:\WINDOWS\system32\lxwkr.exe
C:\WINDOWS\system32\mstr.exe
C:\WINDOWS\system32\mvtesi.exe
C:\WINDOWS\system32\nabi.exe
C:\WINDOWS\system32\owwm.exe
C:\WINDOWS\system32\oyeoapo.exe
C:\WINDOWS\system32\rkydjj.exe
C:\WINDOWS\system32\tqoou.exe
C:\WINDOWS\system32\uvwmguuw.exe
C:\WINDOWS\system32\xcleaner_free.exe
C:\WINDOWS\system32\xdkm.exe
C:\WINDOWS\system32\ydmbpfcx.dll
C:\windows\system32\ydmbpfcx.dllbox
C:\WINDOWS\system32\yyqdiwj.exe
C:\WINDOWS\system32\zbjyhlx.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\abwv.exe
C:\WINDOWS\system32\abwv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\beigfapt.exe
C:\WINDOWS\system32\beigfapt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\bngyd.exe
C:\WINDOWS\system32\bngyd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhvus.exe
C:\WINDOWS\system32\hhvus.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ifhkmrep.exe
C:\WINDOWS\system32\ifhkmrep.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\igmessd.exe
C:\WINDOWS\system32\igmessd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jwcam.exe
C:\WINDOWS\system32\jwcam.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lsqke.exe
C:\WINDOWS\system32\lsqke.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lxwkr.exe
C:\WINDOWS\system32\lxwkr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mstr.exe
C:\WINDOWS\system32\mstr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mvtesi.exe
C:\WINDOWS\system32\mvtesi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nabi.exe
C:\WINDOWS\system32\nabi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\owwm.exe
C:\WINDOWS\system32\owwm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\oyeoapo.exe
C:\WINDOWS\system32\oyeoapo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rkydjj.exe
C:\WINDOWS\system32\rkydjj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tqoou.exe
C:\WINDOWS\system32\tqoou.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvwmguuw.exe
C:\WINDOWS\system32\uvwmguuw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xcleaner_free.exe
C:\WINDOWS\system32\xcleaner_free.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xdkm.exe
C:\WINDOWS\system32\xdkm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ydmbpfcx.dll
C:\WINDOWS\system32\ydmbpfcx.dll Has been deleted!

Attempting to delete C:\windows\system32\ydmbpfcx.dllbox
C:\windows\system32\ydmbpfcx.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\yyqdiwj.exe
C:\WINDOWS\system32\yyqdiwj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\zbjyhlx.exe
C:\WINDOWS\system32\zbjyhlx.exe Has been deleted!

Performing Repairs to the registry.
Done!

Celui de VGB :

[12/29/2007, 14:02:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[12/29/2007, 14:02:16] - Detected System Information:
[12/29/2007, 14:02:16] - Windows Version: 5.1.2600, Service Pack 2
[12/29/2007, 14:02:16] - Current Username: Administrateur (Admin)
[12/29/2007, 14:02:16] - Windows is in NORMAL mode.
[12/29/2007, 14:02:16] - Searching for Browser Helper Objects:
[12/29/2007, 14:02:16] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[12/29/2007, 14:02:16] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/29/2007, 14:02:16] - BHO 3: {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} (Alcohol Toolbar Helper)
[12/29/2007, 14:02:17] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[12/29/2007, 14:02:17] - Finished Searching Browser Helper Objects
[12/29/2007, 14:02:17] - Finishing up...
[12/29/2007, 14:02:17] - Nothing found! Exiting...

Et enfin celui de HJT : *

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Soft4Ever\looknstop\_looknstop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6396 bytes

Merci et bonne journée =)

répondre

naheulbeuk le 29 décembre 2007 à 14h40

coucou,

Avast! est loin de ce que l'on a fait de mieux en matière de protection, voir ce lien pour plus d'informations : http://forum.malekal.com/ftopic3123.php

Mais clairement, Antivir est beaucoup plus performant, c'est pourquoi, je te conseille TRES VIVEMENT de désinstaller Avast! et installer Antivir à la place : http://mickael.barroux.free.fr/securite/antivir.php
- Après l'installation, mets le à jour - si ton firewall fait une alerte.. accepte la connexion.
- Assure toi qu'Antivir est bien à jour, vérifie la date d'update.

-- Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

- Ouvre Antivir par le menu Démarrer / Programmes
- Cliquez sur l'onglet Scanner.
- Sélectionne Manual Selection
- Sélectionne le disque C
- Lance le scan - Mets en quarantaine tous les éléments détectés.
- Une fois le scan terminé Enregistre le rapport.

Redémarre en mode normal.

Poste le rapport ici.

-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/

répondre

niKsy le 29 décembre 2007 à 16h25

Coucou

Voila le rapport

AntiVir PersonalEdition Classic
Report file date: samedi 29 décembre 2007 15:33

Scanning for 994689 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: ORDINATEUR

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 14:27:05
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 14:27:05
ANTIVIR3.VDF : 7.0.1.173 4608 Bytes 28/12/2007 14:27:05
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 29/12/2007 14:27:06
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 29/12/2007 14:27:06
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 29 décembre 2007 15:33

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dmadmin.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '19' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrateur\Mes documents\stq\Stefan\MIRC\MIRC.EXE
[DETECTION] Is the Trojan horse TR/Mirchack.A.18
[INFO] The file was moved to '47c85d63.qua'!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '47e46111.qua'!
C:\qoobox\Quarantine\catchme2007-12-28_222755.68.zip
[0] Archive type: ZIP
--> ljjjhgf.dll
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
--> pmkjg.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ea61a8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\aflmchva.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e261ae.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\atpmhbto.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e661bd.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\avqhwtfh.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e761bf.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\awtqpon.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47ea61c0.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\awtqrqp.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47ea61c1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\awtstut.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '46957bb2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\awttqrq.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47ea61c3.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\awttrss.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '46957bb4.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\btowatwe.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e561c0.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\byxvtrr.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47ee61c5.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\byxxvvt.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '46917bb6.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cbxvtrp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47ee61ae.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cbxwuss.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '47ee61af.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cffpdmuj.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47dc61b3.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cqhbfdwt.dll.vir
[DETECTION] Is the Trojan horse TR/Virtumonde.C
[INFO] The file was moved to '47de61bf.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dachnoeq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d961af.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dbctvyhw.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47d961b1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\debxplbc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d861b4.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dfqeuoqh.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e761b6.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dfqrqcda.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46987bc7.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dhjqyoxs.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e061b8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dhvoxbdm.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ec61b8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dkeuslwc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47db61bc.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dnesjkps.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47db61bf.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dsoiqtgw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e561c5.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\duceunoa.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d961c7.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dvmbhxyc.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e361c8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ebmktbqs.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e361b5.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\eefddskp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47dc61b8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\eewqoula.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ed61b9.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\efcdbyw.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '47d961ba.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ejnylucn.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e461be.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\erersgjn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47db61c7.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\exmhfwfm.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e361cd.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fccawxx.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47d961b9.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fccbcde.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '46a67bca.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fccdaxu.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47d961bb.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fjohleri.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e561c1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fnvkrkdb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47ec61c5.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fqnbcpci.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e461c9.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fytebvwc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ea61d1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gcpauyqx.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e661bc.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gebbaya.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '47d861be.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gebxywt.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '46a77bcf.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ghetacdm.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47db61c2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gnuoyprq.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47eb61c8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hgedqvlh.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a47bb3.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hgghhfe.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '47dd61c2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hyygbluq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ef61d5.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\iifcdcd.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '47dc61c6.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\iifddec.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '46a37bb7.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\iifghed.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47dc61c8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jbltrvvq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e261c0.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jhmntcbb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47e361c6.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jkkhggg.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '47e161ca.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jkkkife.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '469e7bbb.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jlmbluot.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e361cb.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jpenqaqj.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.aby
[INFO] The file was moved to '47db61d0.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jrhcxejv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47de61d2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\khfebyw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47dc61c9.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\kvxvupfm.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47ee61d7.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\kwkmglqb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e161d9.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\lgrjhhyf.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e861c9.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ljjigdb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47e061cd.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ljjjhgf.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '469f2d16.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\lvkwhmfr.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '469e2d02.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\lwtnntxy.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ea61da.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mfjqdpoe.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e061ca.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mfuanibl.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47eb61ca.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mhxwcixo.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ee61cd.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mljhghe.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47e061d1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mljhhig.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '469f2d0a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mljighi.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47e061d3.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mljjhhg.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47e061d2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mpugtnok.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47eb61d6.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nnnmjkk.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47e461d5.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nohumcuh.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47de61d7.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nqlsngxp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e261d9.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nuceiedc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d961dd.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nugqvhww.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47dd61de.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\octhbnhw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ea61cc.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\olcrfghf.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d961d5.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ophkixlo.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47de61da.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\opnnlmn.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47e461da.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\oshposho.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47de61dd.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\otigxjuq.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47df61df.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\owrdytrf.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e861e2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\oywxcobs.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ed61e5.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\pmkjg.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47e161db.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\pmnkiii.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '469b2d03.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\pmnmjgg.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47e461dc.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qdhdbwil.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '46a12d0b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qkgudkqx.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47dd61da.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qomjiji.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47e361de.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qomlmlm.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '469c2d07.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qvrabqna.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e861e6.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rblutirw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e261d2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rdtrtgfb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ea61d4.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rnejeagl.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47db61df.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rnrnfwvd.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e861df.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rqrrstr.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '47e861e3.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rqrsrrs.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '46972d3c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rtpwfgfb.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e661e6.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\scucppev.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46942d0f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\souqnvpv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47eb61e2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqqnmj.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47e761e6.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\sytroanb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47ea61ed.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\sywvafgw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ed61ed.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tuvsqnl.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47ec61ea.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ulgvurad.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47dd61e1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uomvbpqp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e361e5.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\urqqrqo.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47e761e8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vluloqhe.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47eb61e3.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vphubghm.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47de61e7.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vtuusqo.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47eb61ec.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vvbuggbu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d861ee.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vvrbyons.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e861ef.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\wsfpumgd.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47dc61ec.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\wvuspmj.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47eb61ef.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\wvusrrp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47eb61f0.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\wvuuvsr.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '46942d29.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\wvuvvwu.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '47eb61f2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\wwkfjhhf.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47e161f2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xfecbfqf.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47db61e1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xkyyatwt.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47ef61e6.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xlovqfcy.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e561e8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xnypjtlp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ef61ea.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xxyaxuu.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47ef61f4.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xxywuut.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47ef61f5.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xxywvtr.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '46902d2e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xxyxvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.1
[INFO] The file was moved to '47ef61f7.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\yayabbb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '47ef61df.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\yayayvv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DSI
[INFO] The file was moved to '46902d38.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\yayxuur.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47ef61e1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\yesfrqrq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e961e4.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ykhlskch.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47de61ea.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ywhfwunc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47de61f6.qua'!
C:\VundoFix Backups\abwv.exe.bad
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47ed61e2.qua'!
C:\VundoFix Backups\beigfapt.exe.bad
[DETECTION] Is the Trojan horse TR/Dldr.Agent.frm
[INFO] The file was moved to '47df61e6.qua'!
C:\VundoFix Backups\bngyd.exe.bad
[DETECTION] Is the Trojan horse TR/Dldr.Agent.frm
[INFO] The file was moved to '47dd61ef.qua'!
C:\VundoFix Backups\hhvus.exe.bad
[DETECTION] Is the Trojan horse TR/Dldr.Agent.frm
[INFO] The file was moved to '47ec61e9.qua'!
C:\VundoFix Backups\ifhkmrep.exe.bad
[DETECTION] Is the Trojan horse TR/Dldr.Agent.frm
[INFO] The file was moved to '47de61e8.qua'!
C:\VundoFix Backups\igmessd.exe.bad
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47e361e9.qua'!
C:\VundoFix Backups\jwcam.exe.bad
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47d961f9.qua'!
C:\VundoFix Backups\lsqke.exe.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e761f6.qua'!
C:\VundoFix Backups\lxwkr.exe.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ed61fb.qua'!
C:\VundoFix Backups\mstr.exe.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ea61f6.qua'!
C:\VundoFix Backups\mvtesi.exe.bad
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47ea61fa.qua'!
C:\VundoFix Backups\nabi.exe.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d861e5.qua'!
C:\VundoFix Backups\owwm.exe.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46965744.qua'!
C:\VundoFix Backups\oyeoapo.exe.bad
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47db61fe.qua'!
C:\VundoFix Backups\rkydjj.exe.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ef61f0.qua'!
C:\VundoFix Backups\tqoou.exe.bad
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47e561f6.qua'!
C:\VundoFix Backups\uvwmguuw.exe.bad
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47ed61fc.qua'!
C:\VundoFix Backups\xdkm.exe.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e161ea.qua'!
C:\VundoFix Backups\ydmbpfcx.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e361eb.qua'!
C:\VundoFix Backups\yyqdiwj.exe.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e76200.qua'!
C:\VundoFix Backups\zbjyhlx.exe.bad
[DETECTION] Is the Trojan horse TR/Drop.Agent.cry
[INFO] The file was moved to '47e061e9.qua'!
C:\WINDOWS\system32\colwcmiq.exe
[DETECTION] Is the Trojan horse TR/Qhost.aay.1
[INFO] The file was moved to '47e2643d.qua'!
C:\WINDOWS\system32\keaocmxa.exe
[DETECTION] Is the Trojan horse TR/Qhost.aay.1
[INFO] The file was moved to '47d7644c.qua'!
C:\WINDOWS\system32\ntftr.exe
[DETECTION] Is the Trojan horse TR/Qhost.aay.1
[INFO] The file was moved to '47dc646e.qua'!
C:\WINDOWS\system32\oagiub.exe
[DETECTION] Is the Trojan horse TR/Qhost.aay.1
[INFO] The file was moved to '47dd6463.qua'!
C:\WINDOWS\system32\oqbnax.exe
[DETECTION] Is the Trojan horse TR/Qhost.aay.1
[INFO] The file was moved to '47d86475.qua'!
C:\WINDOWS\system32\scwcdkwr.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ed6472.qua'!
C:\WINDOWS\system32\szklor.exe
[DETECTION] Is the Trojan horse TR/Qhost.aay.1
[INFO] The file was moved to '47e1648f.qua'!
C:\WINDOWS\system32\windows
[DETECTION] Is the Trojan horse TR/Zapchast.DT
[INFO] The file was moved to '47e46487.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

End of the scan: samedi 29 décembre 2007 16:14
Used time: 41:33 min

The scan has been done completely.

5532 Scanning directories
144801 Files were scanned
170 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
169 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
144631 Files not concerned
1576 Archives were scanned
2 Warnings
0 Notes

Mais juste pour te dire que je n'ai plus de probleme pour le moment, les fichiers .tmp que j'avait je les ai suprimer et ils ne reviennet plus :).

Merci de ton aide

répondre

naheulbeuk le 29 décembre 2007 à 18h46

comment antivir a mis la paté à avast

post moi un nouveau rapport hijackthis stp

-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/

répondre

niKsy le 29 décembre 2007 à 20h22

Salut :),

voila le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Soft4Ever\looknstop\_looknstop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6011 bytes

Merci de ton aide

répondre

naheulbeuk le 29 décembre 2007 à 22h09

plus de souci ? bonne soirée :hello:

-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/

répondre

niKsy le 29 décembre 2007 à 22h23

Nope

Je te remercie

et je met resolu à mon 1er post

Bonne soirée à toi aussi ^^

répondre

naheulbeuk le 29 décembre 2007 à 23h16

Désinstalle et supprime la totalité des programmes que je t'ai fais installé (sauf certains si tu souhaite les garder pour les utiliser régulièrement comme AVG AS, CCleaner...).

Supprime tous les rapports qui sont apparus lors des divers scans

Edite ton premier post avec < inclued picture >

et mets [resolu] devant le titre de ton sujet.

Voici quelques liens pour des conseils en sécurité :

Mon site Web sur la sécurité informatique !
Comment protéger son PC pour éviter d'être infecté ?

Prends le temps de les lire car elles sont très enréchissantes.

Rapporte ton infection pour faire condamner les auteurs sur Malware-Complaints. Pour faire entendre notre voix, nous devons être le plus nombreux possibles, alors rapport ton infection :

- Voir les règles de Malware-Complaints
- Enregistre sur le forum à partir du bouton register en haut :
Si tu as plus de 13 ans, choisir : I Agree to these terms and am over or exactly 13 years of age
Si tu as moins, clic sur : I Agree to these terms and am under 13 years of age

Après t'être enregistré, tu as sous forme de liste les types d'infection (Look2Me, Smitfraud, SpywareQuake etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10&sid=0ea0981a2025873f(...)

Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas quelle infection tu as eu, créé un message dans le sujet "Autres infections" conforme au règle du forum (age, ville, département etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10

au plaisir et bonne soirée :hello:

-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/

répondre