Multiple and persistent problems. (virus)
safiainwonderland
Hello,
I'll start by saying thank you in advance, and sorry if I haven't posted this topic in the right place. Some time ago I switched browsers. Mozilla Firefox, which had always served me well, became horribly slow and kept glitching. I never understood why the browser started acting up overnight. So I dug around on a few forums. I gathered that a piece of malware had certainly attached itself to Mozilla. Yet my computer didn't detect any. I gave up and downloaded Opera. Everything is fine, but this browser doesn't really suit me: on forums it is very slow and I often have to refresh the page, so I'm going to post from IE. That was my first problem.
Second, every time I start the PC, 2 error messages appear: "Error loading C:\WINDOWS\Bcakitivu.dll. The specified module could not be found." and "Error loading C:\WINDOWS\system32\hamohive.dll. The specified module could not be found." I don't know what that means. However, since these messages started appearing, my computer freezes at every startup. Sometimes to the point that I have to restart it automatically and the mouse freezes on the screen, all accompanied by an error beep.
The third and most important problem. For about one or two weeks, two to three times a day, an error message appears briefly explaining that NT system has requested a system restart, and that I have some 60 seconds to save my documents. Once again I did some research, and I concluded that I have a Blaster Worm. Yet the application that is supposed to find and eradicate it doesn't find any. I can't anticipate this popup or prevent it, and three of us share the PC.
Note that the computer had been working perfectly well. I know that's a lot of problems, but I really need help. Thank you very much.
(I took a screenshot of the errors.)
http://img98.imageshack.us/img98/7396/erreurxs5.jpg
67 replies
Logfile of random's system information tool 1.05 (written by random/random)
Run by Admin at 2009-01-27 03:27:57
Microsoft Windows XP Professional Service Pack 2
System drive C: has 704 MB (9%) free of 8 GB
Total RAM: 991 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:27:58, on 2009-01-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\6J2F4TOJ\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Admin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] E:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKUS\S-1-5-19\..\Run: [fegajakoko] Rundll32.exe "C:\WINDOWS\system32\lahesumo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fegajakoko] Rundll32.exe "C:\WINDOWS\system32\lahesumo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hello again,
ComboFix. Warning: this software is very powerful, and misuse can cause damage...
Do exactly the following:
Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as...": in the window that opens, type C-Fix, choose the Desktop as the destination and confirm:
--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure (if you have any that I didn't see in the HijackThis report....)
---> Above all, if you run into difficulties at this stage, tell me before continuing...
---> I advise you to install the Recovery Console. (See the tutorial.)
Tutorial here: TUTO
---------------------------------------------------------------------------------------------------------------------------------
Next:
Double-click C-Fix.exe (= combofix.exe).
Press any key to start the scan.
Warning: do not use your mouse or keyboard while the program is running. This could freeze the computer ---> if a Windows error message appears at some point: click the red cross at the top right of the window to close it
The report will be created in: C:\Combofix.txt, please post it here
If a report won't go through, send an alert to the conciergerie using the yellow /!\.
ComboFix 09-01-21.04 - Admin 2009-01-27 3:44:32.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.629 [GMT -8:00]
Running from: c:\documents and settings\Admin\Desktop\C-Fix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_seneka
((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.
2009-01-27 03:25 . 2009-01-27 03:26 <DIR> d----c--- C:\rsit
2009-01-27 03:23 . 2009-01-27 03:49 176,160 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-27 03:23 . 2009-01-27 03:47 5,180 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-27 02:10 . 2009-01-27 02:41 <DIR> d----c--- C:\ToolBar SD
2009-01-25 11:50 . 2009-01-25 11:50 <DIR> d-------- c:\documents and settings\Admin\DoctorWeb
2009-01-23 23:51 . 2009-01-23 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-23 23:51 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2009-01-23 23:51 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2009-01-23 23:51 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2009-01-23 23:51 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2009-01-23 23:51 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2009-01-23 23:51 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-01-23 23:51 . 2009-01-23 23:53 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-01-23 23:50 . 2009-01-23 23:51 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-23 23:50 . 2009-01-27 03:42 <DIR> d-------- c:\windows\Internet Logs
2009-01-23 23:50 . 2009-01-23 23:50 <DIR> d-------- c:\program files\Zone Labs
2009-01-23 23:50 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
2009-01-23 23:50 . 2009-01-27 03:48 358,382 --a------ c:\windows\system32\vsconfig.xml
2009-01-21 06:39 . 2009-01-21 06:39 2,098 ---hs---- c:\windows\system32\sazukojo.dll
2009-01-20 23:19 . 2009-01-20 23:20 <DIR> d-------- c:\program files\PhotoFiltre
2009-01-20 02:52 . 2009-01-20 02:52 2,098 ---hs---- c:\windows\system32\ravebavi.dll
2009-01-18 03:54 . 2009-01-18 03:54 <DIR> d-------- c:\documents and settings\Admin\Application Data\DAEMON Tools Pro
2009-01-18 03:54 . 2009-01-18 03:54 <DIR> d-------- c:\documents and settings\Admin\Application Data\DAEMON Tools
2009-01-18 03:53 . 2009-01-18 03:53 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-18 03:53 . 2009-01-18 03:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-18 03:49 . 2009-01-18 03:55 <DIR> d-------- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2009-01-18 03:49 . 2009-01-18 03:49 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-16 10:24 . 2009-01-16 10:24 2,098 ---hs---- c:\windows\system32\sosilore.dll
2009-01-15 03:00 . 2009-01-15 03:01 <DIR> d-------- c:\program files\Vuze
2009-01-14 16:51 . 2009-01-14 16:51 <DIR> d----c--- C:\New Folder
2009-01-12 23:59 . 2009-01-12 23:59 <DIR> d-------- c:\documents and settings\Admin\Application Data\3M
2009-01-08 18:37 . 2009-01-08 18:37 <DIR> d-------- c:\windows\Applian FLV Player
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 10:07 --------- d-----w c:\program files\Common Files\Adobe
2009-01-25 08:34 --------- d-----w c:\documents and settings\Admin\Application Data\OpenOffice.org2
2009-01-24 07:08 --------- d-----w c:\documents and settings\Admin\Application Data\Azureus
2009-01-23 09:29 --------- d-----w c:\documents and settings\Admin\Application Data\LimeWire
2009-01-15 09:57 --------- d-----w c:\documents and settings\Admin\Application Data\ImgBurn
2009-01-15 00:35 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-15 00:15 --------- d-----w c:\documents and settings\Admin\Application Data\SystemRequirementsLab
2009-01-15 00:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 00:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 10:16 --------- d-----w c:\program files\Opera
2008-12-14 13:26 --------- d-----w c:\documents and settings\Admin\Application Data\Malwarebytes
2008-12-14 13:25 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-05-15 16:25 10,313,216 -c--a-w c:\program files\CJA510EN.exe
2008-11-12 23:09 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163,328 -csha-r c:\windows\system32\flvDX.dll
2004-01-01 08:03 133,337 --sha-w c:\windows\system32\hafurive.dll
2007-02-21 11:47 31,232 -csha-r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 -csha-w c:\windows\system32\Smab0.dll
2004-01-01 08:03 101,126 --sha-w c:\windows\system32\vetajume.dll
2004-01-01 08:03 133,337 --sha-w c:\windows\system32\yoxtqs.dll
.
((((((((((((((((((((((((((((( snapshot_2009-01-21_ 3.09.18,96 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 16:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 16:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2009-01-27 11:38:44 17,326 ----a-w c:\windows\setupupd\dudrvs\4803924\hwcomp.dat
+ 2002-12-18 22:42:54 76,544 ----a-w c:\windows\setupupd\dudrvs\4803924\viaudio.sys
+ 2001-07-15 01:32:24 69,632 ----a-w c:\windows\setupupd\temp\wsdueng.dll
- 2009-01-10 19:01:25 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-27 11:11:00 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-10 19:01:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-27 11:11:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-27 11:48:51 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\temp\Perflib_Perfdata_77c.dat
- 2009-01-10 19:01:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-27 11:11:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-29 14:10:51 2,512 -c--a-w c:\windows\system32\d3d9caps.dat
+ 2009-01-25 16:15:51 2,512 ----a-w c:\windows\system32\d3d9caps.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-06-09 5724184]
"Gestionnaire Antidote.exe"="e:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 533944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= d:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"VIDC.ACDV"= ACDV.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"msacm.sl_anet"= d:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.divx"= d:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= d:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= d:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.i420"= i420vfw.dll
"vidc.uyvy"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-10-23 10:34 1336560 d:\program files\CCleaner\CCleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 20:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 02:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fegajakoko]
c:\windows\system32\murewozi.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
--a------ 2007-09-23 18:55 533944 e:\program files\Druide\Antidote\Gestionnaire Antidote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-11-12 15:09 30192 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-11 00:46 133104 c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 d:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2004-10-22 14:44 393216 c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-06-09 17:21 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
-----c--- 2007-12-14 10:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 e:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-07 00:00 136600 d:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 02:33 53248 c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Ares\\Ares.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"d:\\Program Files\\OpenOffice.org 2.4\\program\\soffice.bin"=
"d:\\Program Files\\a-squared Free\\a2service.exe"=
"e:\\Program Files\\Druide\\Antidote\\Gestionnaire Antidote.exe"=
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-12 30192]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f4b06f2-0dcc-11dd-9437-000feadb51a5}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-01-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]
2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1035525444-682003330-1003.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-11 00:46]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
MSConfigStartUp-40aece28 - c:\windows\system32\kitariji.dll
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-CPM439dfdb4 - c:\windows\system32\tahilato.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: {{FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 03:49:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\COMRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
d:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
**************************************************************************
.
Completion time: 2009-01-27 3:55:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-27 11:54:22
ComboFix2.txt 2009-01-25 00:31:09
ComboFix3.txt 2009-01-24 08:38:27
ComboFix4.txt 2009-01-21 11:09:49
ComboFix5.txt 2009-01-27 11:43:45
Pre-Run: 663 633 920 bytes free
Post-Run: 962,818,048 bytes free
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
481 --- E O F --- 2009-01-27 11:54:35
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.629 [GMT -8:00]
Running from: c:\documents and settings\Admin\Desktop\C-Fix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_seneka
((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.
2009-01-27 03:25 . 2009-01-27 03:26 <DIR> d----c--- C:\rsit
2009-01-27 03:23 . 2009-01-27 03:49 176,160 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-27 03:23 . 2009-01-27 03:47 5,180 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-27 02:10 . 2009-01-27 02:41 <DIR> d----c--- C:\ToolBar SD
2009-01-25 11:50 . 2009-01-25 11:50 <DIR> d-------- c:\documents and settings\Admin\DoctorWeb
2009-01-23 23:51 . 2009-01-23 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-23 23:51 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2009-01-23 23:51 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2009-01-23 23:51 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2009-01-23 23:51 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2009-01-23 23:51 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2009-01-23 23:51 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-01-23 23:51 . 2009-01-23 23:53 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-01-23 23:50 . 2009-01-23 23:51 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-23 23:50 . 2009-01-27 03:42 <DIR> d-------- c:\windows\Internet Logs
2009-01-23 23:50 . 2009-01-23 23:50 <DIR> d-------- c:\program files\Zone Labs
2009-01-23 23:50 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
2009-01-23 23:50 . 2009-01-27 03:48 358,382 --a------ c:\windows\system32\vsconfig.xml
2009-01-21 06:39 . 2009-01-21 06:39 2,098 ---hs---- c:\windows\system32\sazukojo.dll
2009-01-20 23:19 . 2009-01-20 23:20 <DIR> d-------- c:\program files\PhotoFiltre
2009-01-20 02:52 . 2009-01-20 02:52 2,098 ---hs---- c:\windows\system32\ravebavi.dll
2009-01-18 03:54 . 2009-01-18 03:54 <DIR> d-------- c:\documents and settings\Admin\Application Data\DAEMON Tools Pro
2009-01-18 03:54 . 2009-01-18 03:54 <DIR> d-------- c:\documents and settings\Admin\Application Data\DAEMON Tools
2009-01-18 03:53 . 2009-01-18 03:53 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-18 03:53 . 2009-01-18 03:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-18 03:49 . 2009-01-18 03:55 <DIR> d-------- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2009-01-18 03:49 . 2009-01-18 03:49 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-16 10:24 . 2009-01-16 10:24 2,098 ---hs---- c:\windows\system32\sosilore.dll
2009-01-15 03:00 . 2009-01-15 03:01 <DIR> d-------- c:\program files\Vuze
2009-01-14 16:51 . 2009-01-14 16:51 <DIR> d----c--- C:\New Folder
2009-01-12 23:59 . 2009-01-12 23:59 <DIR> d-------- c:\documents and settings\Admin\Application Data\3M
2009-01-08 18:37 . 2009-01-08 18:37 <DIR> d-------- c:\windows\Applian FLV Player
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 10:07 --------- d-----w c:\program files\Common Files\Adobe
2009-01-25 08:34 --------- d-----w c:\documents and settings\Admin\Application Data\OpenOffice.org2
2009-01-24 07:08 --------- d-----w c:\documents and settings\Admin\Application Data\Azureus
2009-01-23 09:29 --------- d-----w c:\documents and settings\Admin\Application Data\LimeWire
2009-01-15 09:57 --------- d-----w c:\documents and settings\Admin\Application Data\ImgBurn
2009-01-15 00:35 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-15 00:15 --------- d-----w c:\documents and settings\Admin\Application Data\SystemRequirementsLab
2009-01-15 00:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 00:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 10:16 --------- d-----w c:\program files\Opera
2008-12-14 13:26 --------- d-----w c:\documents and settings\Admin\Application Data\Malwarebytes
2008-12-14 13:25 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-05-15 16:25 10,313,216 -c--a-w c:\program files\CJA510EN.exe
2008-11-12 23:09 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163,328 -csha-r c:\windows\system32\flvDX.dll
2004-01-01 08:03 133,337 --sha-w c:\windows\system32\hafurive.dll
2007-02-21 11:47 31,232 -csha-r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 -csha-w c:\windows\system32\Smab0.dll
2004-01-01 08:03 101,126 --sha-w c:\windows\system32\vetajume.dll
2004-01-01 08:03 133,337 --sha-w c:\windows\system32\yoxtqs.dll
.
((((((((((((((((((((((((((((( snapshot_2009-01-21_ 3.09.18,96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-09 17:05:44 198,032 ----a-w c:\windows\system32\ZoneLabs\vsruledb_loc040c.dll
+ 2008-07-09 17:05:12 239,080 ----a-w c:\windows\system32\ZoneLabs\vsvault.dll
+ 2008-07-09 17:05:44 17,808 ----a-w c:\windows\system32\ZoneLabs\vsvault_loc040c.dll
+ 2008-01-21 16:34:36 7,603,688 ----a-w c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2008-07-09 17:05:12 177,640 ----a-w c:\windows\system32\ZoneLabs\zlparser.dll
+ 2008-07-09 17:05:12 79,344 ----a-w c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2008-07-09 17:05:44 17,808 ----a-w c:\windows\system32\ZoneLabs\zlquarantine_loc040c.dll
+ 2008-07-09 17:05:14 382,440 ----a-w c:\windows\system32\ZoneLabs\zlsre.dll
+ 2008-07-09 17:05:44 21,904 ----a-w c:\windows\system32\ZoneLabs\zlsre_loc040c.dll
+ 2008-07-09 17:05:14 120,296 ----a-w c:\windows\system32\ZoneLabs\zlupdate.dll
- 2006-12-02 05:54:32 479,232 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 10:24:32 479,232 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-02 05:54:34 548,864 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 10:24:34 548,864 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 05:54:32 626,688 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 10:24:32 626,688 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 07:08:00 40,960 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 11:38:00 40,960 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-02 07:08:00 45,056 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 11:38:00 45,056 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-02 07:08:00 65,536 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 11:38:00 65,536 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 07:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 11:38:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-02 07:08:00 61,440 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 11:38:00 61,440 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 07:08:00 61,440 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 11:38:00 61,440 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-02 07:08:00 61,440 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 11:38:00 61,440 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-02 07:08:00 49,152 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 11:38:00 49,152 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 07:08:00 49,152 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 11:38:00 49,152 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-06-09 5724184]
"Gestionnaire Antidote.exe"="e:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 533944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= d:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"VIDC.ACDV"= ACDV.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"msacm.sl_anet"= d:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.divx"= d:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= d:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= d:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.i420"= i420vfw.dll
"vidc.uyvy"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-10-23 10:34 1336560 d:\program files\CCleaner\CCleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 20:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 02:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fegajakoko]
c:\windows\system32\murewozi.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
--a------ 2007-09-23 18:55 533944 e:\program files\Druide\Antidote\Gestionnaire Antidote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-11-12 15:09 30192 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-11 00:46 133104 c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 d:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2004-10-22 14:44 393216 c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-06-09 17:21 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
-----c--- 2007-12-14 10:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 e:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-07 00:00 136600 d:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 02:33 53248 c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Ares\\Ares.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"d:\\Program Files\\OpenOffice.org 2.4\\program\\soffice.bin"=
"d:\\Program Files\\a-squared Free\\a2service.exe"=
"e:\\Program Files\\Druide\\Antidote\\Gestionnaire Antidote.exe"=
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-12 30192]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f4b06f2-0dcc-11dd-9437-000feadb51a5}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-01-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]
2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1035525444-682003330-1003.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-11 00:46]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
MSConfigStartUp-40aece28 - c:\windows\system32\kitariji.dll
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-CPM439dfdb4 - c:\windows\system32\tahilato.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: {{FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 03:49:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\COMRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
d:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
**************************************************************************
.
Completion time: 2009-01-27 3:55:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-27 11:54:22
ComboFix2.txt 2009-01-25 00:31:09
ComboFix3.txt 2009-01-24 08:38:27
ComboFix4.txt 2009-01-21 11:09:49
ComboFix5.txt 2009-01-27 11:43:45
Pre-Run: 663 633 920 bytes free
Post-Run: 962,818,048 bytes free
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
481 --- E O F --- 2009-01-27 11:54:35
Re,
---> Click Start, Run, type notepad and click OK.
---> Copy the bold text below by selecting it, then press Ctrl+C:
KillAll::
File::
c:\windows\system32\Smab0.dll
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f4b06f2-0dcc-11dd-9437-000feadb51a5}]
---> Paste the selection into Notepad
---> Save this file to the desktop (mandatory)
---> File name: CFScript
---> File type: All files
---> Click Save
---> Close Notepad
---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] A blue window will appear: accept the message that is displayed.
[*] Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
[*] Once the scan is complete, a report will be displayed: post it
[*] If the file does not open, it is located here: C:\ComboFix.txt
There you go!
By the way, I just installed Firefox, and it seems to be as smooth as it was at the beginning; would the problem be solved?
ComboFix 09-01-21.04 - Admin 2009-01-27 4:14:32.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.647 [GMT -8:00]
Running from: c:\documents and settings\Admin\Desktop\C-Fix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
FILE ::
c:\windows\system32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Smab0.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.
2009-01-27 03:25 . 2009-01-27 03:26 <DIR> d----c--- C:\rsit
2009-01-27 03:23 . 2009-01-27 04:19 356,384 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-27 03:23 . 2009-01-27 04:16 7,292 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-27 02:10 . 2009-01-27 02:41 <DIR> d----c--- C:\ToolBar SD
2009-01-25 11:50 . 2009-01-25 11:50 <DIR> d-------- c:\documents and settings\Admin\DoctorWeb
2009-01-23 23:51 . 2009-01-23 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-23 23:51 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2009-01-23 23:51 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2009-01-23 23:51 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2009-01-23 23:51 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2009-01-23 23:51 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2009-01-23 23:51 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-01-23 23:51 . 2009-01-23 23:53 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-01-23 23:50 . 2009-01-23 23:51 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-23 23:50 . 2009-01-27 03:58 <DIR> d-------- c:\windows\Internet Logs
2009-01-23 23:50 . 2009-01-23 23:50 <DIR> d-------- c:\program files\Zone Labs
2009-01-23 23:50 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
2009-01-23 23:50 . 2009-01-27 04:18 358,382 --a------ c:\windows\system32\vsconfig.xml
2009-01-21 06:39 . 2009-01-21 06:39 2,098 ---hs---- c:\windows\system32\sazukojo.dll
2009-01-20 23:19 . 2009-01-20 23:20 <DIR> d-------- c:\program files\PhotoFiltre
2009-01-20 02:52 . 2009-01-20 02:52 2,098 ---hs---- c:\windows\system32\ravebavi.dll
2009-01-18 03:54 . 2009-01-18 03:54 <DIR> d-------- c:\documents and settings\Admin\Application Data\DAEMON Tools Pro
2009-01-18 03:54 . 2009-01-18 03:54 <DIR> d-------- c:\documents and settings\Admin\Application Data\DAEMON Tools
2009-01-18 03:53 . 2009-01-18 03:53 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-18 03:53 . 2009-01-18 03:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-18 03:49 . 2009-01-18 03:55 <DIR> d-------- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2009-01-18 03:49 . 2009-01-18 03:49 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-16 10:24 . 2009-01-16 10:24 2,098 ---hs---- c:\windows\system32\sosilore.dll
2009-01-15 03:00 . 2009-01-15 03:01 <DIR> d-------- c:\program files\Vuze
2009-01-14 16:51 . 2009-01-14 16:51 <DIR> d----c--- C:\New Folder
2009-01-12 23:59 . 2009-01-12 23:59 <DIR> d-------- c:\documents and settings\Admin\Application Data\3M
2009-01-08 18:37 . 2009-01-08 18:37 <DIR> d-------- c:\windows\Applian FLV Player
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 10:07 --------- d-----w c:\program files\Common Files\Adobe
2009-01-25 08:34 --------- d-----w c:\documents and settings\Admin\Application Data\OpenOffice.org2
2009-01-24 07:08 --------- d-----w c:\documents and settings\Admin\Application Data\Azureus
2009-01-23 09:29 --------- d-----w c:\documents and settings\Admin\Application Data\LimeWire
2009-01-15 09:57 --------- d-----w c:\documents and settings\Admin\Application Data\ImgBurn
2009-01-15 00:35 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-15 00:15 --------- d-----w c:\documents and settings\Admin\Application Data\SystemRequirementsLab
2009-01-15 00:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 00:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 10:16 --------- d-----w c:\program files\Opera
2008-12-14 13:26 --------- d-----w c:\documents and settings\Admin\Application Data\Malwarebytes
2008-12-14 13:25 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 10:24 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-05-15 16:25 10,313,216 -c--a-w c:\program files\CJA510EN.exe
2008-11-12 23:09 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163,328 -csha-r c:\windows\system32\flvDX.dll
2004-01-01 08:03 133,337 --sha-w c:\windows\system32\hafurive.dll
2007-02-21 11:47 31,232 -csha-r c:\windows\system32\msfDX.dll
2004-01-01 08:03 101,126 --sha-w c:\windows\system32\vetajume.dll
2004-01-01 08:03 133,337 --sha-w c:\windows\system32\yoxtqs.dll
.
((((((((((((((((((((((((((((( snapshot_2009-01-27_ 3.53.01.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-27 12:18:34 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\temp\Perflib_Perfdata_364.dat
- 2008-08-28 10:35:33 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:24:44 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-06-09 5724184]
"Gestionnaire Antidote.exe"="e:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 533944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= d:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"VIDC.ACDV"= ACDV.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"msacm.sl_anet"= d:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.divx"= d:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= d:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= d:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.i420"= i420vfw.dll
"vidc.uyvy"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= d:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-10-23 10:34 1336560 d:\program files\CCleaner\CCleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 20:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 02:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fegajakoko]
c:\windows\system32\murewozi.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
--a------ 2007-09-23 18:55 533944 e:\program files\Druide\Antidote\Gestionnaire Antidote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-11-12 15:09 30192 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-11 00:46 133104 c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 d:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2004-10-22 14:44 393216 c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-06-09 17:21 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
-----c--- 2007-12-14 10:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 e:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-07 00:00 136600 d:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 02:33 53248 c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Ares\\Ares.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"d:\\Program Files\\OpenOffice.org 2.4\\program\\soffice.bin"=
"d:\\Program Files\\a-squared Free\\a2service.exe"=
"e:\\Program Files\\Druide\\Antidote\\Gestionnaire Antidote.exe"=
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-12 30192]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f4b06f2-0dcc-11dd-9437-000feadb51a5}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-01-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]
2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1035525444-682003330-1003.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-11 00:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: {{FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ldz2d04k.default\
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: d:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: d:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 04:18:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\COMRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
d:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2009-01-27 4:23:52 - machine was rebooted [Admin]
ComboFix-quarantined-files.txt 2009-01-27 12:23:49
ComboFix2.txt 2009-01-27 11:55:14
ComboFix3.txt 2009-01-25 00:31:09
ComboFix4.txt 2009-01-24 08:38:27
ComboFix5.txt 2009-01-27 12:13:04
Pre-Run: 852,873,216 bytes free
Post-Run: 848,138,240 bytes free
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
265 --- E O F --- 2009-01-27 11:54:35
By the way, I just installed Firefox, and it seems to be as smooth as it was at the beginning; could the problem be solved?
Re,
Restart your PC normally and run another scan with Malwarebytes,
a full one this time. Also check that Malwarebytes is up to date.
Sorry for the delay, I'm from Quebec.
Here it is!
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1698
Windows 5.1.2600 Service Pack 2
2009-01-27 10:44:34
mbam-log-2009-01-27 (10-44-34).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 143961
Temps écoulé: 1 hour(s), 42 minute(s), 19 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\seneka.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
Re,
▶ Download CCleaner (do not install the Yahoo Toolbar):
CCLEANER
▶ Launch it. Go to "Options", then "Avancé" (Advanced).
▶ Uncheck the box "Effacer uniquement les fichiers etc..." ("Only delete files etc...").
▶ Go to "Nettoyeur" (Cleaner) and click "Analyse" (Analyze). Once it has finished, run the cleaning.
▶ Go to "Registre" (Registry) and click "Chercher des erreurs" (Scan for issues).
Once it has finished, fix all the errors without backing up the registry.
▶ A tutorial (help)
Restart your PC normally.
Then generate a new report with RSIT.
Thanks
Here it is,
Logfile of random's system information tool 1.05 (written by random/random)
Run by Admin at 2009-01-27 11:04:41
Microsoft Windows XP Professional Service Pack 2
System drive C: has 849 MB (11%) free of 8 GB
Total RAM: 991 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:45, on 2009-01-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Admin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] E:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Re,
▶ Download CCleaner (do not install the Yahoo Toolbar):
CCLEANER
▶ Run it. Go to "Options", then "Advanced",
▶ Untick the box "Only delete files etc...".
▶ Go to "Cleaner" and click "Analyze". Once it has finished, run the cleaning.
▶ Go to "Registry" and click "Scan for issues".
Once it has finished, fix all the errors without backing up the registry.
▶ A tutorial (help)
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text, shown in bold below:
:processes
explorer.exe
:files
C:\WINDOWS\system32\sazukojo.dll
C:\WINDOWS\system32\ravebavi.dll
C:\WINDOWS\system32\vetajume.dll
C:\WINDOWS\system32\hafurive.dll
:reg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f4b06f2-0dcc-11dd-9437-000feadb51a5}]
:commands
[purity]
[emptytemp]
---> Paste (Ctrl+V) the text you just copied into the box labelled Paste Instructions for Items to be Moved.
---> Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The name of the report corresponds to the moment it was created: date_time.log
Here I am again (:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\sazukojo.dll not found.
File/Folder C:\WINDOWS\system32\ravebavi.dll not found.
File/Folder C:\WINDOWS\system32\vetajume.dll not found.
File/Folder C:\WINDOWS\system32\hafurive.dll not found.
========== REGISTRY ==========
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Admin\LOCALS~1\Temp\etilqs_8QX01evEIp6udfR5gc4X scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ldz2d04k.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ldz2d04k.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ldz2d04k.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ldz2d04k.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ldz2d04k.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ldz2d04k.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01272009_111958
Re,
OK.
Did you run CCleaner?
Do it, then do the following in order:
Download ToolsCleaner to your Desktop:
toolscleaner
* Double-click ToolsCleaner2.exe and let it work
* Click "Recherche" (Search) and let the scan finish.
* Click "Suppression" (Removal) to finalize.
* If you wish, you can use the "Options facultatives" (optional settings).
* Click "Quitter" (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it into your reply
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
If the ToolsCleaner report shows combofix => "Erreur de suppression" (removal error), do the following:
To remove Combofix:
Click "Start" / "Run", type combofix /u (with a space before the "/") and press the "Enter" key.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Restart your PC normally and run the Kaspersky scan:
> Run an online scan with Kaspersky: Kaspersky
N.B.: The scan only works in Internet Explorer.
- Start by connecting all your storage devices to your PC (USB sticks, removable hard drives...). Turn them on if necessary.
- Under "Online demonstration", the procedure is explained; to start the scan, select < Run the online scan >.
- You will be asked to download an ActiveX control; accept.
- In the < Choose the scan target > menu, select < My Computer >. The scan will start.
- Please post the report that is generated (click <save the report>, then save it to your desktop, choosing "text file (*.txt)" as the extension).
If there is a problem, make sure the ActiveX controls are configured correctly in Internet Options, as described at this link: click here
Reminder: the scan must be run in Internet Explorer
Tutorial here if you have a problem
NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
For the Kaspersky report, you need to choose "Show report", then save it to your desktop as a text file (file type "all files").
So, I'm sending the Tclean report first; the scan isn't finished yet. It's only at 37% and has been open for nearly 2 hours. As soon as I have it, I'll post it!
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Admin\Desktop\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Admin\Desktop\Rsit.exe: trouvé !
C:\Documents and Settings\Admin\Desktop\ \clean\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Admin\Desktop\ \Dossier 15 nov\HijackThis.lnk: trouvé !
C:\Documents and Settings\Admin\Desktop\ \Dossier 15 nov\HJTInstall.exe: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Admin\Desktop\ \clean\ToolBarSD.exe: supprimé !
C:\Documents and Settings\Admin\Desktop\ \Dossier 15 nov\HijackThis.lnk: supprimé !
C:\Documents and Settings\Admin\Desktop\ \Dossier 15 nov\HJTInstall.exe: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\Admin\Desktop\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Admin\Desktop\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Oh, sh*t.
IE just closed.
What do I do, do I start it over, or is there another solution?
Re,
Run a scan with:
Run a BitDefender online scan (Internet Explorer only): https://www.bitdefender.com/toolbox/
Post the full report here when it is finished.
The report is in HTML, so I tried to remove the spaces created by the copy/paste.
BitDefender Online Scanner
Scan report generated at: Wed, Jan 28, 2009 - 04:01:42
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;K:\;
Statistics
Time: 05:01:27
Files: 553207
Folders: 11074
Boot Sectors: 0
Archives: 5239
Packed Files: 48191
Results
Identified Viruses: 2
Infected Files: 59
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 59
Engines Info
Virus Definitions: 2615036
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000073.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000073.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000074.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000074.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000074.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000075.dll
Infected with: Trojan.Generic.1383414
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000075.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000076.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000076.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000076.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000077.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000077.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000077.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000089.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000089.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000089.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000090.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000090.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000090.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000091.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000091.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000091.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000092.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000092.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000092.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000093.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000093.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000093.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000094.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000094.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000094.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000095.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000095.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000095.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000096.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000096.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000096.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000097.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000097.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000097.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000098.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000098.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000098.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000099.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000099.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000099.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000100.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000100.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000100.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000102.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000102.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000102.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000103.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000103.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP2\A0000103.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP5\A0001050.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP5\A0001050.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP5\A0001050.dll
Deleted
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP5\A0001053.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP5\A0001053.dll
Disinfection failed
C:\System Volume Information\_restore{9919E01C-D8EB-412D-92A2-AE3C39C6BA73}\RP5\A0001053.dll
Deleted
C:\WINDOWS\system32\yoxtqs.dll
Infected with: Gen:Trojan.Heur.Vundo.1
C:\WINDOWS\system32\yoxtqs.dll
Disinfection failed
C:\WINDOWS\system32\yoxtqs.dll
Deleted
Hi again,
¤ Disable System Restore (only if you are on XP):
Right-click My Computer, then
Properties, and click the System Restore tab;
check the "Turn off System Restore" box and apply.
Then,
¤ Re-enable System Restore (only if you are on XP):
Right-click My Computer, then
Properties, and click the System Restore tab;
uncheck the "Turn off System Restore" box and apply.
Then restart your PC normally and run a scan with AntiVir.
Thanks
The scan is about to start; shall I post the report afterwards?
When I started the PC, another error appeared: Error loading C:\WINDOWS\system32\vetajume.dll The specified module could not be found.
Thanks.
Avira AntiVir Personal
Report file date: Wednesday, January 28, 2009 12:23
Scanning for 1284972 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PAL
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/28/2008 18:56:31
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 17:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 22:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 17:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 10:06:37
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 1/14/2009 03:59:48
ANTIVIR2.VDF : 7.1.1.172 958464 Bytes 1/23/2009 08:15:59
ANTIVIR3.VDF : 7.1.1.189 188416 Bytes 1/27/2009 08:16:14
Engineversion : 8.2.0.60
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 20:05:56
AESCRIPT.DLL : 8.1.1.32 340347 Bytes 1/27/2009 08:16:21
AESCN.DLL : 8.1.1.5 123251 Bytes 11/14/2008 10:06:49
AERDL.DLL : 8.1.1.3 438645 Bytes 11/14/2008 10:06:48
AEPACK.DLL : 8.1.3.5 393588 Bytes 1/10/2009 03:58:56
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/11/2008 21:57:14
AEHEUR.DLL : 8.1.0.86 1552759 Bytes 1/27/2009 08:16:18
AEHELP.DLL : 8.1.2.0 119159 Bytes 11/19/2008 17:44:31
AEGEN.DLL : 8.1.1.10 323957 Bytes 1/17/2009 03:59:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 20:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 11/28/2008 18:56:31
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 20:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 18:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 19:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 11/14/2008 10:06:41
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 21:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 18:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 22:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 03:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 22:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 22:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 23:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 23:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Wednesday, January 28, 2009 12:23
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Gestionnaire Antidote.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '46' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\SAFIA'S STUFF\Azureus Downloads\adobe CS3Efr\ADOBE PHOTOSHOP CS3 EXTENDED FRENCH\payloads\AdobePDFL8All\AdobePDFL8All1.cab
[0] Archive type: CAB (Microsoft)
--> _13_695439beb0975c26696b865cec4b5df4
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\SAFIA'S STUFF\Azureus Downloads\adobe CS3Efr\ADOBE PHOTOSHOP CS3 EXTENDED FRENCH\payloads\AdobePhotoshop10fr_FR\AdobePhotoshop10fr_FR1.cab
[0] Archive type: CAB (Microsoft)
--> _34_a0de106752a48f28086fa3b9ef80e203
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'E:\' <Documents>
End of the scan: Wednesday, January 28, 2009 13:38
Used time: 1:15:02 Hour(s)
The scan has been done completely.
11034 Scanning directories
431644 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
431642 Files not concerned
3897 Archives were scanned
6 Warnings
0 Notes