
Hello everyone,
Since yesterday morning my computer has been reporting the presence of spyware.
My desktop wallpaper has completely disappeared and has been replaced by a blue background with the message:
"Warning : spyware threat has been detected on your PC.
Your computer has several fatal errors due to spyware activity.
It is strongly recommended to install an antispyware software to close all security vulnerabilities.
Antispyware software helps protect your PC against spyware and other security threats. "
I have already done a cleanup with CCleaner and purged System Restore.
What should I do now?
Thanks in advance for your help, which will be very, very useful to me.
-->Message edited by pam70 on 03/07/2008 18:46:44<--
|
|
|
|
|
Hello,
Download SmitFraudFix
User guide: http://www.site-naheulbeuk.com/smitfraudfix.php
Double-click SmitfraudFix.exe to launch it
Choose option 1 (Search)
Post the report for me!
|
|
|
|
|
Hello naheulbeuk,
I followed the steps and here is the report:
SmitFraudFix v2.328
Rapport fait à 11:43:16,22, 28/06/2008
Executé à partir de C:\Documents and Settings\pamela\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mrofinu1000106.exe
C:\windows\system32\jjwnw64n.exe
C:\WINDOWS\system32\tcntaxdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WeatherCast\Weather.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\Sakora\Sakora.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\accesss.exe PRESENT !
C:\WINDOWS\astctl32.ocx PRESENT !
C:\WINDOWS\avpcc.dll PRESENT !
C:\WINDOWS\clrssn.exe PRESENT !
C:\WINDOWS\cpan.dll PRESENT !
C:\WINDOWS\default.htm PRESENT !
C:\WINDOWS\iexplorer.exe PRESENT !
C:\WINDOWS\loader.exe PRESENT !
C:\WINDOWS\mtwirl32.dll PRESENT !
C:\WINDOWS\notepad32.exe PRESENT !
C:\WINDOWS\olehelp.exe PRESENT !
C:\WINDOWS\systeem.exe PRESENT !
C:\WINDOWS\systemcritical.exe PRESENT !
C:\WINDOWS\time.exe PRESENT !
C:\WINDOWS\users32.exe PRESENT !
C:\WINDOWS\waol.exe PRESENT !
C:\WINDOWS\win32e.exe PRESENT !
C:\WINDOWS\win64.exe PRESENT !
C:\WINDOWS\winajbm.dll PRESENT !
C:\WINDOWS\window.exe PRESENT !
C:\WINDOWS\winmgnt.exe PRESENT !
C:\WINDOWS\x.exe PRESENT !
C:\WINDOWS\xplugin.dll PRESENT !
C:\WINDOWS\xxxvideo.hta PRESENT !
C:\WINDOWS\y.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pamela
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pamela\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\pamela\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A5359874-6033-49ED-B128-D5A252B229FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A5359874-6033-49ED-B128-D5A252B229FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A5359874-6033-49ED-B128-D5A252B229FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
|
|
|
|
|
Restart in safe mode (F8 during boot)
Help: http://www.site-naheulbeuk.com/smitfraudfix.php#nettoyage
Run SmitfraudFix again and this time choose option 2, and answer yes to every question
Restart in normal mode
Post the 2nd report for me!
|
|
|
|
|
Here is the new report I got:
SmitFraudFix v2.328
Rapport fait à 12:49:03,38, 28/06/2008
Executé à partir de C:\Documents and Settings\pamela\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\accesss.exe supprimé
C:\WINDOWS\astctl32.ocx supprimé
C:\WINDOWS\avpcc.dll supprimé
C:\WINDOWS\clrssn.exe supprimé
C:\WINDOWS\cpan.dll supprimé
C:\WINDOWS\default.htm supprimé
C:\WINDOWS\iexplorer.exe supprimé
C:\WINDOWS\loader.exe supprimé
C:\WINDOWS\mtwirl32.dll supprimé
C:\WINDOWS\notepad32.exe supprimé
C:\WINDOWS\olehelp.exe supprimé
C:\WINDOWS\systeem.exe supprimé
C:\WINDOWS\systemcritical.exe supprimé
C:\WINDOWS\time.exe supprimé
C:\WINDOWS\users32.exe supprimé
C:\WINDOWS\waol.exe supprimé
C:\WINDOWS\win32e.exe supprimé
C:\WINDOWS\win64.exe supprimé
C:\WINDOWS\winajbm.dll supprimé
C:\WINDOWS\window.exe supprimé
C:\WINDOWS\winmgnt.exe supprimé
C:\WINDOWS\x.exe supprimé
C:\WINDOWS\xplugin.dll supprimé
C:\WINDOWS\xxxvideo.hta supprimé
C:\WINDOWS\y.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A5359874-6033-49ED-B128-D5A252B229FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A5359874-6033-49ED-B128-D5A252B229FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A5359874-6033-49ED-B128-D5A252B229FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\default.htm supprimé
C:\WINDOWS\iexplorer.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Fin
|
|
|
|
|
Download ComboFix (created by sUBs) to your Desktop
Start in safe mode: http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
ComboFix will restart your PC
When the scan is complete, a report will appear. Copy/paste this report into your next reply, along with a new HijackThis report
NOTE: The report can also be found here: C:\Combofix.txt
|
|
|
|
|
Unable to download ComboFix:
here is the message I get:
"ERREUR
you cannot rename Combofix as Combofix (1)
please use another name, preferbaly made up of alphanumeric characters "
|
|
|
|
|
When you save it, rename it "combofix"
|
|
|
|
|
Thanks for the clarification about ComboFix.
Anyway, here is the report after running ComboFix:
ComboFix 08-06-20.4 - pamela 2008-06-28 14:34:56.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\pamela\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))
.
2008-06-28 14:23 . 2008-06-28 14:23 86,528 --a------ C:\WINDOWS\system32\oivrhlmk.dll
2008-06-28 14:21 . 2008-06-28 14:21 104,960 --a------ C:\WINDOWS\system32\owlicpvt.dll
2008-06-28 14:21 . 2008-06-28 14:21 104,960 --a------ C:\WINDOWS\system32\khyhvx.dll
2008-06-28 14:20 . 2008-06-28 14:20 94,208 --a------ C:\WINDOWS\system32\tqcbvivv.dll
2008-06-28 14:20 . 2008-06-28 14:20 25,520 --a------ C:\WINDOWS\system32\byXRhFYs.dll
2008-06-28 14:15 . 2008-06-28 14:15 294 ---hs---- C:\WINDOWS\system32\qvqspsmc.ini
2008-06-28 14:15 . 2008-06-28 14:15 0 --a------ C:\WINDOWS\BM1f0136ac.xml
2008-06-28 11:43 . 2008-06-28 12:49 3,270 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-28 11:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-28 11:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-28 11:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-28 11:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-28 11:42 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-28 11:42 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-28 11:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-28 11:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-28 11:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-28 10:19 . 2008-06-28 10:19 <REP> d-------- C:\Program Files\Sakora
2008-06-28 10:09 . 2008-06-28 10:09 <REP> d-------- C:\Program Files\mjc
2008-06-28 10:06 . 2008-06-28 10:06 49,187 --a------ C:\WINDOWS\system32\jjwnw64n.exe
2008-06-27 23:00 . 2008-06-27 23:00 63,918 --a------ C:\WINDOWS\system32\{7c09b235-e098-34e8-a9c4-886218880a2c}.dll-uninst.exe
2008-06-27 21:06 . 2008-06-27 21:06 104,960 --a------ C:\WINDOWS\system32\zagngk.dll
2008-06-27 21:06 . 2008-06-27 21:06 104,960 --a------ C:\WINDOWS\system32\hpfvsvnk.dll
2008-06-27 21:06 . 2008-06-27 21:06 94,208 --a------ C:\WINDOWS\system32\cusrtjni.dll
2008-06-27 17:12 . 2008-06-27 17:12 <REP> d-------- C:\Program Files\CCleaner
2008-06-27 16:54 . 2008-06-27 17:00 <REP> d-------- C:\fixwareout
2008-06-27 14:33 . 2008-06-28 10:05 <REP> d-------- C:\Program Files\Registry Defender Platinum
2008-06-27 10:37 . 2008-06-27 10:40 349,716 --a------ C:\Program Files\uninstall.exe
2008-06-27 08:59 . 2008-06-27 08:59 41,984 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-06-27 08:58 . 2008-06-27 08:59 <REP> d-------- C:\WINDOWS\system32\yrt
2008-06-27 08:58 . 2008-06-27 08:58 <REP> d-------- C:\WINDOWS\system32\rov
2008-06-27 08:58 . 2008-06-27 08:58 <REP> d-------- C:\WINDOWS\system32\pRI
2008-06-27 08:58 . 2008-06-27 08:58 <REP> d-------- C:\WINDOWS\system32\modtrux05
2008-06-27 08:58 . 2008-06-27 08:58 <REP> d-------- C:\Temp\syschk3
2008-06-27 08:58 . 2008-06-28 14:08 <REP> d-------- C:\Temp
2008-06-27 08:58 . 2008-06-27 08:58 173,065 --a------ C:\Temp\swterm4.exe
2008-06-27 08:58 . 2008-06-27 08:58 41,984 --a------ C:\WINDOWS\mrofinu1188.exe
2008-06-27 08:58 . 2008-06-27 08:58 34,304 --a------ C:\WINDOWS\system32\ddcDtQIY.dll
2008-06-25 17:47 . 2008-06-25 14:47 41,984 --a------ C:\WINDOWS\b156.exe
2008-06-20 05:40 . 2008-06-20 05:40 90,073 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-13 16:05 . 2008-06-13 13:05 95,232 --a------ C:\WINDOWS\b152.exe
2008-06-11 15:01 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:01 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 20:02 . 2008-06-10 20:03 <REP> d-------- C:\Program Files\VVSN
2008-06-02 10:18 . 2008-06-02 10:18 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-06-02 10:18 . 2008-06-02 10:18 <REP> d-------- C:\Program Files\InstallShield Installation Information
2008-06-02 10:18 . 2008-06-02 10:18 <REP> d-------- C:\Program Files\Bonjour
2008-06-02 10:17 . 2008-06-02 10:18 <REP> d-------- C:\Program Files\QuickTime
2008-06-02 10:17 . 2008-06-02 10:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-02 10:16 . 2008-06-02 10:16 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2008-06-02 10:15 . 2008-06-02 10:15 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
2008-06-02 10:07 . 2004-08-19 16:09 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-02 10:07 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-02 10:07 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-02 10:07 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 08:40 67 ----a-w C:\Program Files\uninstall.log
2008-06-21 17:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-02 08:16 --------- d-----w C:\Program Files\Kodak
2008-05-12 10:43 68,096 ----a-w C:\WINDOWS\b155.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 13:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 12:42 --------- d-----w C:\Program Files\speed-bit
2008-05-07 06:29 --------- d-----w C:\Program Files\Save
2008-05-06 13:20 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-06 13:08 --------- d-----w C:\Program Files\NeroInstall.bak
2008-05-06 13:06 --------- d-----w C:\Documents and Settings\pamela\Application Data\Nero
2008-05-06 13:03 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-05-06 13:00 --------- d-----w C:\Program Files\Nero
2008-05-06 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-06 12:41 --------- d-----w C:\Program Files\Alwil Software
2008-05-06 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64B74A5E-6EFF-43BE-BB8C-9CBC72B60CB8}]
2008-06-27 08:58 34304 --a------ C:\WINDOWS\system32\ddcDtQIY.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9f1bbdca-ff93-43a8-b372-fcfd3fb45c3b}]
2008-06-28 14:21 104960 --a------ C:\WINDOWS\system32\khyhvx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4d5c52f-fb29-2e5a-301f-dc3877c2aee7}]
2008-05-27 15:44 370176 --a------ C:\WINDOWS\system32\{7c09b235-e098-34e8-a9c4-886218880a2c}.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-11 18:21 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"WeatherCast"="C:\Program Files\WeatherCast\Weather.exe" [2004-02-19 11:17 132096]
"WhenUSave"="C:\Program Files\Save\Save.exe" [ ]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 12:58 206184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"mjc"="C:\Program Files\mjc\mjc.exe" [2008-06-28 10:09 145408]
"Sakora"="C:\Program Files\Sakora\Sakora.exe" [2008-06-28 10:19 26624]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-02 10:18 155648]
"{20-05-59-9F-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]
"{d3947f7e-caff-95c5-6c25-f26e904e8730}"="C:\WINDOWS\system32\{7c09b235-e098-34e8-a9c4-886218880a2c}.dll" [2008-05-27 15:44 370176]
"BM1f0136ac"="C:\WINDOWS\system32\tqcbvivv.dll" [2008-06-28 14:20 94208]
"1c320530"="C:\WINDOWS\system32\oivrhlmk.dll" [2008-06-28 14:23 86528]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 16:10 160768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{64B74A5E-6EFF-43BE-BB8C-9CBC72B60CB8}"= C:\WINDOWS\system32\ddcDtQIY.dll [2008-06-27 08:58 34304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDtQIY]
ddcDtQIY.dll 2008-06-27 08:58 34304 C:\WINDOWS\system32\ddcDtQIY.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f56523-01a9-11dd-ba22-000f2f000a55}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 14:39:59
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ddcDtQIY.dll
.
Temps d'accomplissement: 2008-06-28 14:43:06 - machine was rebooted [pamela]
ComboFix-quarantined-files.txt 2008-06-28 12:43:00
Pre-Run: 243,184,984,064 octets libres
Post-Run: 243,181,502,464 octets libres
365 --- E O F --- 2008-06-28 12:18:41
The computer was very, very slow,
and I was unable to access HijackThis
|
|
|
|
|
Re, you've got a nasty Vundo infection
Run MalwareBytes (full scan) and clean everything it finds
Help: http://www.site-naheulbeuk.com/malwarebytes.php
Post the report generated at the end in your next reply
|
|
|
|
|
Oh yeah? That bad? :lol:
That doesn't surprise me, I'm not having any luck at the moment
I'll do that right away
|
|
|
|
|
Here is the MalwareBytes report:
Malwarebytes' Anti-Malware 1.18
Version de la base de données: 897
15:27:50 28/06/2008
mbam-log-6-28-2008 (15-27-50).txt
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
Eléments examinés: 57406
Temps écoulé: 14 minute(s), 27 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 37
Processus mémoire infecté(s):
C:\Program Files\mjc\mjc.exe (Adware.MJC) -> Unloaded process successfully.
C:\Program Files\Sakora\Sakora.exe (Trojan.Agent) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\oivrhlmk.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\{7c09b235-e098-34e8-a9c4-886218880a2c}.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\ddcDtQIY.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f4d5c52f-fb29-2e5a-301f-dc3877c2aee7} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4d5c52f-fb29-2e5a-301f-dc3877c2aee7} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{64b74a5e-6eff-43be-bb8c-9cbc72b60cb8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64b74a5e-6eff-43be-bb8c-9cbc72b60cb8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcdtqiy (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1c320530 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mjc (Adware.MJC) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sakora (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{d3947f7e-caff-95c5-6c25-f26e904e8730} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM1f0136ac (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{64b74a5e-6eff-43be-bb8c-9cbc72b60cb8} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux05 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Sakora (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\mjc (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\oivrhlmk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kmlhrvio.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\mjc\mjc.exe (Adware.MJC) -> Quarantined and deleted successfully.
C:\Program Files\Sakora\Sakora.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Save\ACM.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Spcron\Spc.dll.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ncntkkdm.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tcntaxdm.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0BE982B9-1ECB-4A68-A19D-2A5F69965B33}\RP141\A0105526.dll (Adware.Vapsup) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0BE982B9-1ECB-4A68-A19D-2A5F69965B33}\RP142\A0107647.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0BE982B9-1ECB-4A68-A19D-2A5F69965B33}\RP142\A0107656.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0BE982B9-1ECB-4A68-A19D-2A5F69965B33}\RP142\A0107707.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0BE982B9-1ECB-4A68-A19D-2A5F69965B33}\RP142\A0107708.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0BE982B9-1ECB-4A68-A19D-2A5F69965B33}\RP144\A0107787.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0BE982B9-1ECB-4A68-A19D-2A5F69965B33}\RP144\A0107832.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b152.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b155.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1000106.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1188.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjwnw64n.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux05\modtrux051080.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pRI\kscomdll3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rov\dragGLL1.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\SaveUninst.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\saveupdate.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{7c09b235-e098-34e8-a9c4-886218880a2c}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{7c09b235-e098-34e8-a9c4-886218880a2c}.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tqcbvivv.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ddcDtQIY.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\byXRhFYs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
|
|
|
|
|
Download HijackThis
User guide: http://www.site-naheulbeuk.com/hijackthis.php
Then click on "Do a system scan and save a logfile"
The scan runs very quickly, then a Notepad window appears
(the "logfile")
In that Notepad window, go to "Edit", then "Select All";
the text is now selected. Go back to "Edit", still
keeping the text selected, and click Copy.
Paste the contents here in your next reply!
|
|
|
|
|
There, it's done
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:33, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WeatherCast\Weather.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\pamela\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - (no file)
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {b3c54bf3-dfcf-273b-8a34-39ffacdbb1f9} - {9f1bbdca-ff93-43a8-b372-fcfd3fb45c3b} - C:\WINDOWS\system32\khyhvx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{20-05-59-9F-DW}] c:\windows\system32\rwwnw64d.exe DWram1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
--
End of file - 7759 bytes
|
|
|
|
|
Avast! is far from the best there is in terms of protection; see this link for more information: http://forum.malekal.com/ftopic3123.php
But clearly, Antivir performs much better, which is why I VERY STRONGLY advise you to uninstall Avast! and install Antivir instead: http://www.site-naheulbeuk.com/antivir.php
- After the installation, update it. If your firewall raises an alert, accept the connection.
- Make sure Antivir is properly up to date; check the update date.
- Reboot in safe mode: to do so, restart the computer and, before the Windows logo, tap the F8 key repeatedly. A menu will appear; choose Safe Mode and press the Enter key on the keyboard.
- Open Antivir from the Start / Programs menu
- Click the Scanner tab.
- Select Manual Selection
- Select drive C
- Start the scan. Quarantine every detected item.
- Once the scan has finished, save the report.
Reboot in normal mode.
Post the report here.
Have a good evening
|
|
|
|
|
So I removed Avast and installed Antivir without any problem.
Here is the report:
Avira AntiVir Personal
Report file date: samedi 28 juin 2008 21:15
Scanning for 1365960 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: pamela
Computer name: DEHEDIN-357B932
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 19:05:27
ANTIVIR2.VDF : 7.0.5.2 2048 Bytes 24/06/2008 19:05:28
ANTIVIR3.VDF : 7.0.5.18 109568 Bytes 28/06/2008 19:05:33
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 28/06/2008 19:06:30
AESCN.DLL : 8.1.0.22 119157 Bytes 28/06/2008 19:06:26
AERDL.DLL : 8.1.0.20 418165 Bytes 28/06/2008 19:06:22
AEPACK.DLL : 8.1.1.6 364918 Bytes 28/06/2008 19:06:16
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 28/06/2008 19:06:10
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 28/06/2008 19:06:07
AEHELP.DLL : 8.1.0.15 115063 Bytes 28/06/2008 19:05:46
AEGEN.DLL : 8.1.0.29 307573 Bytes 28/06/2008 19:05:45
AEEMU.DLL : 8.1.0.6 430451 Bytes 28/06/2008 19:05:40
AECORE.DLL : 8.1.0.31 168310 Bytes 28/06/2008 19:05:36
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 28 juin 2008 21:15
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '30' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\Program Files\SpyMaxx\uninstall.exe.vir
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Spyaway.P.4
[NOTE] The file was moved to '48cf9328.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\g15.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/Gooochi
[NOTE] The file was moved to '489b92f1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\opnnnmkk.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48d49335.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRKDtUO.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48b89339.qua'!
C:\WINDOWS\system32\hpfvsvnk.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48cc94e1.qua'!
C:\WINDOWS\system32\khyhvx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48df94e3.qua'!
C:\WINDOWS\system32\owlicpvt.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48d2950d.qua'!
C:\WINDOWS\system32\zagngk.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48cd951b.qua'!
End of the scan: samedi 28 juin 2008 21:47
Used time: 32:03 min
The scan has been done completely.
3270 Scanning directories
69382 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
8 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
69374 Files not concerned
564 Archives were scanned
1 Warnings
8 Notes
Have a good evening too
|
|
|
|
|
Post me a new HijackThis report, please
|
|
|
| |