Virtumonde.Neo virus, need help

Closed
CharlieMusic (30 posts, registered Tuesday 31 March 2009, status: Member, last active 4 April 2009) - 31 March 2009 at 11:15
sKe69 (21360 posts, registered Saturday 15 March 2008, status: Security contributor, last active 30 December 2012) - 4 April 2009 at 23:36
Hello,
My computer has been quite slow lately... I defragmented it and ran a NOD32 scan.
At the start of the scan: "Controle CRC du fichier NOD32.EXE : le fichier NOD32.EXE est endommagé, peut-être infecté
La mémoire est OK
Une erreur s'est produite durant l'analyse du secteur MBR de 2.disque physique.Erreur de lecture du secteur."
The scan starts, and very often, even when it does run, it reports "erreur à l'ouverture (le fichier est verrouillé)".
Virus detected: WIN32/Ardware.Virtumonde.Neo~datafile application, quarantined and sometimes the file is deleted.
My internet connection is also slow; Internet Explorer has lo.st set as its home page, and I downloaded Firefox but I constantly get ads or pages like "site malveillant" or "page interne non trouvée".
When my computer starts up I get an error message about rundll.....? :s and the last two times I turned it on, the very first Windows screen where I enter my password looked different...
What should I do to get my computer (a 3-year-old Vaio laptop) running faster again...?

Thanks in advance to anyone willing to help me, because this is really hard to deal with....

CharlieMusic

47 replies

sKe69 (21360 posts, registered Saturday 15 March 2008, status: Security contributor, last active 30 December 2012)
31 March 2009 at 22:26
move on to the next step and we'll see...
0
CharlieMusic (30 posts, registered Tuesday 31 March 2009, status: Member, last active 4 April 2009)
31 March 2009 at 22:32
here's the report....
Antivirus Version Last update Result
a-squared 4.0.0.101 2009.03.31 Trojan-PWS.Papras!IK
AhnLab-V3 5.0.0.2 2009.03.31 Win-Trojan/Agent.37376.OQ
AntiVir 7.9.0.129 2009.03.31 TR/PSW.Papras.N
Antiy-AVL 2.0.3.1 2009.03.31 Trojan/Win32.Agent2
Authentium 5.1.2.4 2009.03.30 -
Avast 4.8.1335.0 2009.03.31 Win32:Vupa
AVG 8.5.0.285 2009.03.31 SHeur2.WNC
BitDefender 7.2 2009.03.31 Trojan.PWS.Papras.N
CAT-QuickHeal 10.00 2009.03.31 Trojan.Agent2.fsa
ClamAV 0.94.1 2009.03.31 -
Comodo 1092 2009.03.31 -
DrWeb 4.44.0.09170 2009.03.31 Trojan.DownLoad.29459
eSafe 7.0.17.0 2009.03.31 Suspicious File
eTrust-Vet 31.6.6427 2009.03.31 -
F-Prot 4.4.4.56 2009.03.30 -
F-Secure 8.0.14470.0 2009.03.31 Trojan.Win32.Agent2.fsa
Fortinet 3.117.0.0 2009.03.31 PossibleThreat
GData 19 2009.03.31 Trojan.PWS.Papras.N
Ikarus T3.1.1.49.0 2009.03.31 Trojan-PWS.Papras
K7AntiVirus 7.10.687 2009.03.31 Trojan.Win32.Agent2.fsa
Kaspersky 7.0.0.125 2009.03.31 Trojan.Win32.Agent2.fsa
McAfee 5570 2009.03.31 Generic.dx
McAfee+Artemis 5570 2009.03.31 Generic.dx
McAfee-GW-Edition 6.7.6 2009.03.31 Trojan.PSW.Papras.N
Microsoft 1.4502 2009.03.31 -
NOD32 3978 2009.03.31 Win32/Wigon
Norman 6.00.06 2009.03.31 W32/Agent.MEXE
nProtect 2009.1.8.0 2009.03.31 Trojan/W32.Agent2.37376.C
Panda 10.0.0.14 2009.03.31 -
PCTools 4.4.2.0 2009.03.31 Trojan.Agent2!sd6
Rising 21.23.12.00 2009.03.31 Trojan.Win32.Nodef.gno
Sophos 4.40.0 2009.03.31 Mal/EncPk-HJ
Sunbelt 3.2.1858.2 2009.03.31 Trojan.Win32.Agent2.fsa
Symantec 1.4.4.12 2009.03.31 Trojan Horse
TheHacker 6.3.3.9.296 2009.03.30 Trojan/Agent2.fsa
TrendMicro 8.700.0.1004 2009.03.31 TROJ_AGENT.CHB
VBA32 3.12.10.1 2009.03.31 Trojan.Win32.Agent2.fsa
ViRobot 2009.3.31.1669 2009.03.31 Trojan.Win32.Agent.37376.AH
VirusBuster 4.6.5.0 2009.03.31 -
Additional information
File size: 37376 bytes
MD5...: b21c88a7add7afac981011013cc37bba
SHA1..: 8d6fd06d1bff66c83271dfd3b639dcd751f5da66
SHA256: 31816e9aca3b477b7052b32d5d8f483eaffeb08ce468a1107e1b6df08799ee2c
SHA512: 5f91217c0f191cc6449fb25d633ff967a17b99d34c7ca86ab866a77c27114dafe5fa6f5f8fcb71b3901bdf6611bf0e5273b71efa8ca88a19bbb8f8c8e20e9381
ssdeep: 768:kmv6IAFOHWsBY7Yj39EiRsUdhqW+VtsFOBENu8cNiudNXD/g:kY6IAFIYExRlhqhUUyNuLNDdNXc
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (88.0%)
Win32 Dynamic Link Library (generic) (7.8%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x75a0
timedatestamp.....: 0x47d0f256 (Fri Mar 07 07:44:22 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8000 0x7400 7.83 e27fb063f102ee6377d932465615f945
.rdata 0x9000 0x1000 0xc00 3.94 bbeb986149b060bd8aa9e7c4f2a6a66c
.data 0xa000 0x1000 0x800 5.47 34cc17082de2ff21c92622f0a41b7dda
.rsrc 0xb000 0x3f0 0x400 3.43 a1141a0b74c163a7bd5eba40e80f4450
_win 0xc000 0x200 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

( 4 imports )
> MSVCRT.dll: __p__fmode, strtol, strcpy, strcspn, _XcptFilter, memcpy, _strtime, exit, _wfullpath, _controlfp
> GDI32.dll: CreateDIBSection, StartDocW, CreateRectRgn, CreateSolidBrush, DeleteDC, EndDoc, RestoreDC, GetDeviceCaps, StartPage, Polyline, RectInRegion
> KERNEL32.dll: EnumSystemCodePagesA, GetVolumeInformationW, FindNextChangeNotification, ConsoleMenuControl, MoveFileWithProgressA, SetFilePointerEx, WaitNamedPipeA, FreeLibrary, SetVDMCurrentDirectories, GetWriteWatch
> ulib.dll: _Initialize@TIMEINFO_ARGUMENT@@QAEEPAD@Z, _Resize@DSTRING@@UAEEK@Z, _Construct@WSTRING@@IAEXXZ, __1MESSAGE@@UAE@XZ, _QueryTimeOut@COMM_DEVICE@@QBEEXZ, _DisableBreakHandling@KEYBOARD@@SGEXZ, __0LONG_ARGUMENT@@QAE@XZ, __1PROGRAM@@UAE@XZ, _Initialize@TIMEINFO@@QAEEPAU_FILETIME@@@Z

( 0 exports )
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=b21c88a7add7afac981011013cc37bba

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There is no guarantee as to the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far higher than that of a single product, these results do NOT guarantee that a file is harmless. There is currently no solution that offers 100% effectiveness in detecting viruses and malware.
0
sKe69 (21360 posts, registered Saturday 15 March 2008, status: Security contributor, last active 30 December 2012)
31 March 2009 at 22:36
good ....


listen, we're going to try to carry on with the cleanup, we'll see how it goes....


do this:


Download Lop S&D:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Disconnect from the internet and close all your running applications.

Double-click the .exe you just downloaded to start the install.

Once the install is done, click the shortcut to launch the tool.

There, let it guide you:
---> choose option 1 (search) and confirm.

(Do not run the cleaning options (2 or 3).)

Once the scan finishes, Notepad will open with the report.
Post that report in your next reply for analysis.

Tutorial: https://sites.google.com/site/eric71mespages/lop.sd.exe
0
CharlieMusic (30 posts, registered Tuesday 31 March 2009, status: Member, last active 4 April 2009)
1 April 2009 at 00:03
Here's the report.... honestly, do you think I have a chance of getting my computer back or not...? Do I need to turn off automatic updates...?

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2300 @ 1.66GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Charlotte ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:93 Go (Free:9 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
H:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 31/03/2009|22:39 )

--------------------\\ Listing des dossiers dans APPLIC~1

[25/06/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/11/2007|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[06/07/2007|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[30/04/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[31/12/2008|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[06/04/2006|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[05/02/2009|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[08/12/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[09/12/2007|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[21/02/2009|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/05/2008|02:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[06/04/2006|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[09/11/2007|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does
[09/09/2008|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[15/04/2006|23:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/06/2008|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Minnetonka Audio Software
[13/04/2006|00:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[17/09/2008|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[05/01/2007|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25/06/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Syncrosoft
[08/09/2008|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[08/12/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[25/06/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[31/12/2006|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[12/12/2008|11:09] C:\DOCUME~1\CHARLO~1\APPLIC~1\3M
[27/03/2009|17:17] C:\DOCUME~1\CHARLO~1\APPLIC~1\Adobe
[03/05/2006|16:07] C:\DOCUME~1\CHARLO~1\APPLIC~1\AdobeUM
[06/04/2006|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\Ahead
[15/03/2009|19:31] C:\DOCUME~1\CHARLO~1\APPLIC~1\Apple Computer
[26/04/2006|11:15] C:\DOCUME~1\CHARLO~1\APPLIC~1\ArcSoft
[31/12/2008|16:05] C:\DOCUME~1\CHARLO~1\APPLIC~1\Autodesk
[03/03/2009|11:15] C:\DOCUME~1\CHARLO~1\APPLIC~1\dvdcss
[21/09/2008|23:11] C:\DOCUME~1\CHARLO~1\APPLIC~1\EoRezo
[08/12/2008|13:40] C:\DOCUME~1\CHARLO~1\APPLIC~1\EPSON
[25/06/2008|16:35] C:\DOCUME~1\CHARLO~1\APPLIC~1\FireBox Mixer
[19/09/2007|18:45] C:\DOCUME~1\CHARLO~1\APPLIC~1\Google
[27/09/2007|19:06] C:\DOCUME~1\CHARLO~1\APPLIC~1\Graphisoft
[28/09/2007|00:20] C:\DOCUME~1\CHARLO~1\APPLIC~1\Help
[05/11/2006|18:38] C:\DOCUME~1\CHARLO~1\APPLIC~1\HP
[06/04/2006|10:35] C:\DOCUME~1\CHARLO~1\APPLIC~1\Identities
[29/03/2009|22:00] C:\DOCUME~1\CHARLO~1\APPLIC~1\Image Zone Express
[08/12/2008|13:20] C:\DOCUME~1\CHARLO~1\APPLIC~1\InstallShield
[18/09/2008|09:11] C:\DOCUME~1\CHARLO~1\APPLIC~1\ItsLabel
[19/04/2006|16:28] C:\DOCUME~1\CHARLO~1\APPLIC~1\Macromedia
[09/09/2008|12:28] C:\DOCUME~1\CHARLO~1\APPLIC~1\Malwarebytes
[09/11/2007|23:12] C:\DOCUME~1\CHARLO~1\APPLIC~1\Math Cdrom Help
[12/12/2008|16:09] C:\DOCUME~1\CHARLO~1\APPLIC~1\Microsoft
[07/12/2008|15:03] C:\DOCUME~1\CHARLO~1\APPLIC~1\Mozilla
[31/03/2009|20:44] C:\DOCUME~1\CHARLO~1\APPLIC~1\nidle
[25/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\pdfforge
[25/03/2009|14:36] C:\DOCUME~1\CHARLO~1\APPLIC~1\Samsung
[25/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings
[29/02/2008|20:55] C:\DOCUME~1\CHARLO~1\APPLIC~1\Skype
[25/06/2008|15:45] C:\DOCUME~1\CHARLO~1\APPLIC~1\Steinberg
[27/09/2007|16:31] C:\DOCUME~1\CHARLO~1\APPLIC~1\Sun
[11/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\U3
[25/06/2008|17:13] C:\DOCUME~1\CHARLO~1\APPLIC~1\Ulead Systems
[07/04/2006|14:39] C:\DOCUME~1\CHARLO~1\APPLIC~1\vlc

[06/04/2006|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[30/03/2009|22:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[30/03/2009|22:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[10/12/2006|23:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/04/2006|10:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[05/05/2008 07:48][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[31/03/2009 22:00][--ah-----] C:\WINDOWS\tasks\AD551DE1918A8EC9.job
[29/03/2009 23:00][--a------] C:\WINDOWS\tasks\At48.job
[31/03/2009 22:00][--a------] C:\WINDOWS\tasks\At47.job
[31/03/2009 20:00][--a------] C:\WINDOWS\tasks\At45.job
[31/03/2009 21:00][--a------] C:\WINDOWS\tasks\At46.job
[28/03/2009 19:00][--a------] C:\WINDOWS\tasks\At43.job
[29/03/2009 19:00][--a------] C:\WINDOWS\tasks\At44.job
[29/03/2009 17:00][--a------] C:\WINDOWS\tasks\At42.job
[29/03/2009 16:00][--a------] C:\WINDOWS\tasks\At41.job
[29/03/2009 13:00][--a------] C:\WINDOWS\tasks\At38.job
[27/03/2009 16:00][--a------] C:\WINDOWS\tasks\At40.job
[26/03/2009 15:00][--a------] C:\WINDOWS\tasks\At39.job
[31/03/2009 12:00][--a------] C:\WINDOWS\tasks\At37.job
[31/03/2009 11:00][--a------] C:\WINDOWS\tasks\At36.job
[31/03/2009 10:00][--a------] C:\WINDOWS\tasks\At35.job
[01/09/2007 13:02][--a------] C:\WINDOWS\tasks\At32.job
[23/02/2009 10:00][--a------] C:\WINDOWS\tasks\At34.job
[04/10/2008 08:00][--a------] C:\WINDOWS\tasks\At33.job
[09/05/2008 05:00][--a------] C:\WINDOWS\tasks\At30.job
[01/09/2007 13:02][--a------] C:\WINDOWS\tasks\At31.job
[09/05/2008 04:00][--a------] C:\WINDOWS\tasks\At29.job
[23/11/2008 03:00][--a------] C:\WINDOWS\tasks\At27.job
[29/11/2008 04:00][--a------] C:\WINDOWS\tasks\At28.job
[27/03/2009 01:00][--a------] C:\WINDOWS\tasks\At25.job
[24/03/2009 02:00][--a------] C:\WINDOWS\tasks\At26.job
[31/03/2009 22:00][--a------] C:\WINDOWS\tasks\At23.job
[29/03/2009 23:00][--a------] C:\WINDOWS\tasks\At24.job
[31/03/2009 21:00][--a------] C:\WINDOWS\tasks\At22.job
[29/03/2009 19:00][--a------] C:\WINDOWS\tasks\At20.job
[31/03/2009 20:00][--a------] C:\WINDOWS\tasks\At21.job
[28/03/2009 19:00][--a------] C:\WINDOWS\tasks\At19.job
[29/03/2009 17:00][--a------] C:\WINDOWS\tasks\At18.job
[27/03/2009 16:00][--a------] C:\WINDOWS\tasks\At16.job
[29/03/2009 16:00][--a------] C:\WINDOWS\tasks\At17.job
[26/03/2009 15:00][--a------] C:\WINDOWS\tasks\At15.job
[31/03/2009 12:00][--a------] C:\WINDOWS\tasks\At13.job
[29/03/2009 13:00][--a------] C:\WINDOWS\tasks\At14.job
[23/02/2009 10:00][--a------] C:\WINDOWS\tasks\At10.job
[31/03/2009 11:00][--a------] C:\WINDOWS\tasks\At12.job
[31/03/2009 10:00][--a------] C:\WINDOWS\tasks\At11.job
[04/10/2008 08:00][--a------] C:\WINDOWS\tasks\At9.job
[17/06/2007 15:32][--a------] C:\WINDOWS\tasks\At7.job
[30/06/2007 07:00][--a------] C:\WINDOWS\tasks\At8.job
[09/05/2008 05:00][--a------] C:\WINDOWS\tasks\At6.job
[09/05/2008 04:00][--a------] C:\WINDOWS\tasks\At5.job
[29/11/2008 04:00][--a------] C:\WINDOWS\tasks\At4.job
[23/11/2008 03:00][--a------] C:\WINDOWS\tasks\At3.job
[24/03/2009 02:00][--a------] C:\WINDOWS\tasks\At2.job
[27/03/2009 01:00][--a------] C:\WINDOWS\tasks\At1.job
[31/03/2009 20:55][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/08/2001 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

( AD551DE1918A8EC9.job )=( c:\docume~1\charlo~1\applic~1\mathcd~1\DentUserTrans.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[09/12/2008|21:38] C:\Program Files\ABBYY FineReader 6.0 Sprint
[24/06/2008|22:56] C:\Program Files\adaptateur firewire INDEO
[25/06/2008|18:59] C:\Program Files\Adobe
[26/04/2008|15:31] C:\Program Files\Apple Software Update
[26/03/2009|23:29] C:\Program Files\ArchiCAD 12
[06/04/2006|10:55] C:\Program Files\ASUSTek
[31/12/2008|16:09] C:\Program Files\AutoCAD 2008
[24/03/2009|00:56] C:\Program Files\Autodesk Revit Building 8.1
[31/12/2008|16:02] C:\Program Files\Autodesk, 3DS max
[25/03/2009|17:37] C:\Program Files\BitComet
[20/01/2008|22:26] C:\Program Files\Bonjour
[27/06/2008|19:08] C:\Program Files\CARTE SON
[06/04/2006|10:55] C:\Program Files\CyberLink
[25/06/2008|15:22] C:\Program Files\Cycling '74
[08/12/2008|13:25] C:\Program Files\epson
[31/03/2009|12:59] C:\Program Files\ESET
[25/03/2009|17:38] C:\Program Files\Fichiers communs
[12/12/2006|11:08] C:\Program Files\Free
[21/02/2009|20:20] C:\Program Files\Google
[16/10/2008|18:52] C:\Program Files\Google SketchUp 6
[24/09/2008|11:20] C:\Program Files\Graphisoft
[31/03/2009|11:27] C:\Program Files\HijackThis
[09/11/2007|23:36] C:\Program Files\HP
[06/04/2006|12:30] C:\Program Files\HPQ
[11/12/2008|22:30] C:\Program Files\InstallShield Installation Information
[06/04/2006|12:14] C:\Program Files\Intel
[20/12/2008|10:56] C:\Program Files\Internet Explorer
[26/04/2008|14:50] C:\Program Files\iPod
[26/04/2008|14:50] C:\Program Files\iTunes
[27/09/2007|16:32] C:\Program Files\Java
[06/04/2006|10:21] C:\Program Files\microsoft frontpage
[26/04/2006|11:36] C:\Program Files\Microsoft IntelliPoint
[31/12/2008|16:00] C:\Program Files\Microsoft Office
[06/04/2006|12:47] C:\Program Files\Microsoft Visual Studio
[06/04/2006|12:47] C:\Program Files\Microsoft Works
[06/04/2006|12:51] C:\Program Files\Microsoft.NET
[20/02/2009|18:55] C:\Program Files\Movie Maker
[31/03/2009|20:44] C:\Program Files\Mozilla Firefox
[20/12/2008|11:28] C:\Program Files\MSBuild
[06/04/2006|10:15] C:\Program Files\MSN
[06/04/2006|10:16] C:\Program Files\MSN Gaming Zone
[26/02/2007|23:51] C:\Program Files\MSN Messenger
[06/04/2006|11:59] C:\Program Files\Nero
[06/04/2006|10:18] C:\Program Files\NetMeeting
[06/04/2006|10:18] C:\Program Files\Outlook Express
[25/02/2009|11:58] C:\Program Files\PDFCreator
[25/02/2009|11:57] C:\Program Files\pdfforge Toolbar
[02/03/2008|23:29] C:\Program Files\PeerGuardian2
[25/03/2009|14:34] C:\Program Files\photoshop
[29/06/2008|18:30] C:\Program Files\PIXELA
[12/12/2008|11:09] C:\Program Files\postit
[25/06/2008|15:15] C:\Program Files\PreSonus-carte son
[26/04/2008|14:44] C:\Program Files\QuickTime
[20/12/2008|11:14] C:\Program Files\Reference Assemblies
[20/12/2008|10:44] C:\Program Files\Rhinoceros 4.0
[06/04/2006|12:34] C:\Program Files\Sigmatel
[07/11/2007|23:16] C:\Program Files\Sony Corporation
[25/06/2008|15:47] C:\Program Files\Steinberg
[25/06/2008|15:45] C:\Program Files\Syncrosoft
[31/03/2009|11:28] C:\Program Files\Trend Micro
[06/04/2006|10:35] C:\Program Files\Uninstall Information
[06/04/2006|10:55] C:\Program Files\VideoLAN
[27/09/2007|16:54] C:\Program Files\WIBUKEY
[27/09/2007|16:54] C:\Program Files\WIBU-SYSTEMS
[25/06/2008|15:04] C:\Program Files\Windows Media Components
[02/01/2007|20:03] C:\Program Files\Windows Media Connect 2
[30/12/2006|19:25] C:\Program Files\Windows Media Player
[06/04/2006|10:15] C:\Program Files\Windows NT
[06/04/2006|10:19] C:\Program Files\WindowsUpdate
[28/09/2007|00:20] C:\Program Files\WinRAR
[06/04/2006|10:21] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[10/01/2008|22:10] C:\Program Files\Fichiers communs\Adobe
[10/11/2007|00:11] C:\Program Files\Fichiers communs\Adobe Systems Shared
[06/04/2006|11:59] C:\Program Files\Fichiers communs\Ahead
[06/07/2007|09:41] C:\Program Files\Fichiers communs\Apple
[26/04/2006|11:04] C:\Program Files\Fichiers communs\ArcSoft
[24/03/2009|00:57] C:\Program Files\Fichiers communs\Autodesk Shared
[25/06/2008|15:22] C:\Program Files\Fichiers communs\Cycling '74
[31/12/2008|16:01] C:\Program Files\Fichiers communs\DESIGNER
[25/06/2008|15:22] C:\Program Files\Fichiers communs\Digidesign
[05/11/2006|18:32] C:\Program Files\Fichiers communs\Hewlett-Packard
[05/11/2006|18:37] C:\Program Files\Fichiers communs\HP
[25/06/2008|15:03] C:\Program Files\Fichiers communs\InstallShield
[27/09/2007|16:32] C:\Program Files\Fichiers communs\Java
[01/12/2007|13:56] C:\Program Files\Fichiers communs\Macrovision Shared
[31/12/2008|16:00] C:\Program Files\Fichiers communs\Microsoft Shared
[06/04/2006|10:18] C:\Program Files\Fichiers communs\MSSoap
[07/11/2007|23:16] C:\Program Files\Fichiers communs\muvee Technologies
[06/04/2006|12:10] C:\Program Files\Fichiers communs\ODBC
[06/04/2006|10:18] C:\Program Files\Fichiers communs\Services
[26/04/2006|11:04] C:\Program Files\Fichiers communs\SPC610NC
[06/04/2006|12:10] C:\Program Files\Fichiers communs\SpeechEngines
[06/04/2006|12:46] C:\Program Files\Fichiers communs\System
[25/06/2008|15:03] C:\Program Files\Fichiers communs\Ulead Systems

--------------------\\ Process

( 62 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\CHARLO~1\APPLIC~1\MATHCD~1

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does
C:\DOCUME~1\CHARLO~1\APPLIC~1\mathcd~1
C:\WINDOWS\Tasks\AD551DE1918A8EC9.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\two joy test]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\CHARLO~1\\APPLIC~1\\MATHCD~1\\list proxy.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tons Corn"="C:\\DOCUME~1\\CHARLO~1\\APPLIC~1\\MATHCD~1\\list proxy.exe"
"Tons Corn"="C:\\DOCUME~1\\CHARLO~1\\APPLIC~1\\MATHCD~1\\list proxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 23:34:37
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
? [19708]
? [4636]
? [17028]
? [29184]
scanning hidden files ...
scan completed successfully
hidden processes: 4
hidden files: 534

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

C:\WINDOWS\system32\yHkjlnnn.ini
C:\WINDOWS\system32\yHkjlnnn.ini2
C:\WINDOWS\system32\nnnljkHy.dll.vir
==> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\CHARLO~1\Mes documents\Torrents\BitComet\Torrents\Rhinoceros 3.0+crack.rar.torrent
C:\DOCUME~1\CHARLO~1\Recent\Google.SketchUp.Pro.6.KeyGen-acme (2).lnk


[F:6629][D:317]-> C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\CHARLO~1\Cookies
[F:56][D:5]-> C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 31/03/2009|23:52 - Option : [1]

--------------------\\ Fin du rapport a 23:52:05
0
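One way to triage a report of this shape automatically, as an added example that is neither the thread's nor Lop S&D's own code: it reads a constructed excerpt laid out like the report above and flags the three patterns the helper acts on (Run/Uninstall values and a .job task launching an .exe from the user's profile, the At<N>.job tasks, and the Vundo .ini/.dll pair whose names mirror each other).

```python
"""Triage a Lop S&D text report for the persistence patterns seen in this thread.

Added example: not Lop S&D's own code and not from the thread. Over a constructed
excerpt shaped like the report above it runs three checks: registry values and
.job tasks that launch an .exe from a user profile, At<N>.job tasks created with
at.exe, and the Vundo habit of pairing a system32 .ini with a .dll whose name is
the .ini name spelled backwards."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt; paths are copied from the thread's report, trimmed.
SAMPLE_REPORT = r"""
[31/03/2009 22:00][--ah-----] C:\WINDOWS\tasks\AD551DE1918A8EC9.job
[31/03/2009 22:00][--a------] C:\WINDOWS\tasks\At47.job
[05/05/2008 07:48][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

( AD551DE1918A8EC9.job )=( c:\docume~1\charlo~1\applic~1\mathcd~1\DentUserTrans.exe )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\two joy test]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\CHARLO~1\\APPLIC~1\\MATHCD~1\\list proxy.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tons Corn"="C:\\DOCUME~1\\CHARLO~1\\APPLIC~1\\MATHCD~1\\list proxy.exe"
"Tons Corn"="C:\\DOCUME~1\\CHARLO~1\\APPLIC~1\\MATHCD~1\\list proxy.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\system32\yHkjlnnn.ini
C:\WINDOWS\system32\yHkjlnnn.ini2
C:\WINDOWS\system32\nnnljkHy.dll.vir
C:\WINDOWS\system32\kernel32.dll
"""

REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.I)
REG_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')
JOB_TARGET = re.compile(r"^\( (\S+\.job) \)=\( (.+) \)$", re.I)
AT_JOB = re.compile(r"\\Tasks\\(At\d+)\.job$", re.I)
SYS32_FILE = re.compile(r"^C:\\WINDOWS\\system32\\([A-Za-z0-9]+)\.(ini2?|dll(?:\.vir)?)$", re.I)
# Per-user locations from which a Run value or a task should not normally launch an .exe.
PROFILE_MARKERS = ("\\APPLIC~1\\", "\\APPLICATION DATA\\", "\\LOCALS~1\\TEMP\\")


def _launches_from_profile(command: str) -> bool:
    # Registry data is printed .reg-style with doubled backslashes; fold them first.
    norm = command.replace("\\\\", "\\").upper()
    return ".EXE" in norm and any(marker in norm for marker in PROFILE_MARKERS)


def profile_launch_points(report: str) -> List[Tuple[str, str, str]]:
    """(container, name, command) for registry values and .job files that run an
    .exe from a user profile directory; lines repeated in the report collapse."""
    hits: List[Tuple[str, str, str]] = []
    current_key = None
    for raw in report.splitlines():
        line = raw.strip()
        if m := REG_KEY.match(line):
            current_key = m.group(1)  # the values that follow belong to this key
        elif (m := JOB_TARGET.match(line)) and _launches_from_profile(m.group(2)):
            hit = ("C:\\WINDOWS\\Tasks", m.group(1), m.group(2))
            if hit not in hits:
                hits.append(hit)
        elif (m := REG_VALUE.match(line)) and current_key and _launches_from_profile(m.group(2)):
            hit = (current_key, m.group(1), m.group(2))
            if hit not in hits:
                hits.append(hit)
    return hits


def at_jobs(report: str) -> List[str]:
    """At<N>.job names (the files at.exe creates) in numeric order. The thread's
    report lists 48 of them; review them with at.exe before deleting anything."""
    found = {m.group(1) for m in map(AT_JOB.search, report.splitlines()) if m}
    return sorted(found, key=lambda name: int(name[2:]))


def vundo_name_pairs(report: str) -> List[Tuple[str, str]]:
    """Pair each system32 .ini/.ini2 with a .dll whose stem is the .ini stem
    reversed: yHkjlnnn.ini beside nnnljkHy.dll is what Lop S&D tags as VUNDO."""
    ini_by_stem: Dict[str, str] = {}
    dll_by_stem: Dict[str, str] = {}
    for raw in report.splitlines():
        if m := SYS32_FILE.match(raw.strip()):
            stem, ext = m.group(1), m.group(2).lower()
            bucket = ini_by_stem if ext.startswith("ini") else dll_by_stem
            bucket.setdefault(stem, raw.strip())  # keep the first file seen per stem
    return [(ini, dll_by_stem[stem[::-1]])
            for stem, ini in ini_by_stem.items() if stem[::-1] in dll_by_stem]


def triage(report: str) -> Dict[str, list]:
    """Run the three checks and return their findings keyed by check name."""
    return {"profile_launch_points": profile_launch_points(report),
            "at_jobs": at_jobs(report),
            "vundo_pairs": vundo_name_pairs(report)}
```

Run `triage(SAMPLE_REPORT)` to get the three finding lists; a real report is passed in the same way after reading the LopR_1.txt file.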

sKe69 (21360 posts, registered Saturday 15 March 2008, status: Security contributor, last active 30 December 2012)
1 April 2009 at 00:06
For your computer, we'll do everything we can... ^^"


the next steps, in order:


1- ! Disconnect from the internet and close all your running applications !

Relaunch Lop S&D,

---> this time choose option 2 (cleaning) and confirm...

-> don't touch anything while the tool is working.


Once the scan finishes, Notepad will open with the report.
Post that report in your next reply for analysis...

once that report is posted, carry on with this:

==============================

2- Download SDFix to your desktop:
here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
or here: http://download.bleepingcomputer.com/andymanchesta/SDFix.exe
or here: http://sdfix.net/SDFix.exe

--> Double-click SDFix.exe and choose "Install".

(tutorial here: https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

Then, once the install is done,

Mandatory: boot into Safe Mode.

/!\ Never boot into Safe Mode via MSCONFIG /!\

How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key right away (F5 on some PCs), just after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (not Administrator).
Warning: no internet connection is possible in Safe Mode, so copy or print these steps carefully to avoid mistakes...


Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the tool.
--> Press Y to run the script...
The fix removes the virus's services and cleans the registry, so a reboot is needed; therefore:
press a key to reboot when you are asked to.

The PC will take a while to start (that's normal); after the desktop loads, press a key when "Finished" appears.

The SDFix report will open on screen and will also be saved in the folder
C:\SDFix under the name "Report.txt".

Post that report in your next reply together with a fresh RSIT report (log.txt) for analysis, and wait for the next step...

0
CharlieMusic (30 posts, registered Tuesday 31 March 2009, status: Member, last active 4 April 2009)
1 April 2009 at 01:23
here's the report from step 2 of Lop S&D... I'll continue the cleanup tomorrow... :s thanks for everything...

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2300 @ 1.66GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Charlotte ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:93 Go (Free:9 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
H:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 01/04/2009| 0:09 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\WINDOWS\Tasks\AD551DE1918A8EC9.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does
Supprime! - C:\DOCUME~1\CHARLO~1\APPLIC~1\mathcd~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[25/06/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/11/2007|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[06/07/2007|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[30/04/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[31/12/2008|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[06/04/2006|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[05/02/2009|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[08/12/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[09/12/2007|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[21/02/2009|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/05/2008|02:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[06/04/2006|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[09/09/2008|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[15/04/2006|23:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/06/2008|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Minnetonka Audio Software
[13/04/2006|00:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[17/09/2008|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[05/01/2007|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25/06/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Syncrosoft
[08/09/2008|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[08/12/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[25/06/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[31/12/2006|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[12/12/2008|11:09] C:\DOCUME~1\CHARLO~1\APPLIC~1\3M
[27/03/2009|17:17] C:\DOCUME~1\CHARLO~1\APPLIC~1\Adobe
[03/05/2006|16:07] C:\DOCUME~1\CHARLO~1\APPLIC~1\AdobeUM
[06/04/2006|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\Ahead
[15/03/2009|19:31] C:\DOCUME~1\CHARLO~1\APPLIC~1\Apple Computer
[26/04/2006|11:15] C:\DOCUME~1\CHARLO~1\APPLIC~1\ArcSoft
[31/12/2008|16:05] C:\DOCUME~1\CHARLO~1\APPLIC~1\Autodesk
[03/03/2009|11:15] C:\DOCUME~1\CHARLO~1\APPLIC~1\dvdcss
[21/09/2008|23:11] C:\DOCUME~1\CHARLO~1\APPLIC~1\EoRezo
[08/12/2008|13:40] C:\DOCUME~1\CHARLO~1\APPLIC~1\EPSON
[25/06/2008|16:35] C:\DOCUME~1\CHARLO~1\APPLIC~1\FireBox Mixer
[19/09/2007|18:45] C:\DOCUME~1\CHARLO~1\APPLIC~1\Google
[27/09/2007|19:06] C:\DOCUME~1\CHARLO~1\APPLIC~1\Graphisoft
[28/09/2007|00:20] C:\DOCUME~1\CHARLO~1\APPLIC~1\Help
[05/11/2006|18:38] C:\DOCUME~1\CHARLO~1\APPLIC~1\HP
[06/04/2006|10:35] C:\DOCUME~1\CHARLO~1\APPLIC~1\Identities
[29/03/2009|22:00] C:\DOCUME~1\CHARLO~1\APPLIC~1\Image Zone Express
[08/12/2008|13:20] C:\DOCUME~1\CHARLO~1\APPLIC~1\InstallShield
[18/09/2008|09:11] C:\DOCUME~1\CHARLO~1\APPLIC~1\ItsLabel
[19/04/2006|16:28] C:\DOCUME~1\CHARLO~1\APPLIC~1\Macromedia
[09/09/2008|12:28] C:\DOCUME~1\CHARLO~1\APPLIC~1\Malwarebytes
[12/12/2008|16:09] C:\DOCUME~1\CHARLO~1\APPLIC~1\Microsoft
[07/12/2008|15:03] C:\DOCUME~1\CHARLO~1\APPLIC~1\Mozilla
[31/03/2009|20:44] C:\DOCUME~1\CHARLO~1\APPLIC~1\nidle
[25/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\pdfforge
[25/03/2009|14:36] C:\DOCUME~1\CHARLO~1\APPLIC~1\Samsung
[25/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings
[29/02/2008|20:55] C:\DOCUME~1\CHARLO~1\APPLIC~1\Skype
[25/06/2008|15:45] C:\DOCUME~1\CHARLO~1\APPLIC~1\Steinberg
[27/09/2007|16:31] C:\DOCUME~1\CHARLO~1\APPLIC~1\Sun
[11/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\U3
[25/06/2008|17:13] C:\DOCUME~1\CHARLO~1\APPLIC~1\Ulead Systems
[07/04/2006|14:39] C:\DOCUME~1\CHARLO~1\APPLIC~1\vlc

[06/04/2006|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[30/03/2009|22:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[30/03/2009|22:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[10/12/2006|23:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/04/2006|10:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[05/05/2008 07:48][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[31/03/2009 23:00][--a------] C:\WINDOWS\tasks\At48.job
[31/03/2009 20:00][--a------] C:\WINDOWS\tasks\At45.job
[31/03/2009 22:00][--a------] C:\WINDOWS\tasks\At47.job
[31/03/2009 21:00][--a------] C:\WINDOWS\tasks\At46.job
[28/03/2009 19:00][--a------] C:\WINDOWS\tasks\At43.job
[29/03/2009 17:00][--a------] C:\WINDOWS\tasks\At42.job
[29/03/2009 19:00][--a------] C:\WINDOWS\tasks\At44.job
[26/03/2009 15:00][--a------] C:\WINDOWS\tasks\At39.job
[27/03/2009 16:00][--a------] C:\WINDOWS\tasks\At40.job
[29/03/2009 16:00][--a------] C:\WINDOWS\tasks\At41.job
[29/03/2009 13:00][--a------] C:\WINDOWS\tasks\At38.job
[31/03/2009 10:00][--a------] C:\WINDOWS\tasks\At35.job
[31/03/2009 12:00][--a------] C:\WINDOWS\tasks\At37.job
[31/03/2009 11:00][--a------] C:\WINDOWS\tasks\At36.job
[01/09/2007 13:02][--a------] C:\WINDOWS\tasks\At32.job
[04/10/2008 08:00][--a------] C:\WINDOWS\tasks\At33.job
[23/02/2009 10:00][--a------] C:\WINDOWS\tasks\At34.job
[01/09/2007 13:02][--a------] C:\WINDOWS\tasks\At31.job
[09/05/2008 04:00][--a------] C:\WINDOWS\tasks\At29.job
[09/05/2008 05:00][--a------] C:\WINDOWS\tasks\At30.job
[01/04/2009 00:00][--a------] C:\WINDOWS\tasks\At25.job
[23/11/2008 03:00][--a------] C:\WINDOWS\tasks\At27.job
[29/11/2008 04:00][--a------] C:\WINDOWS\tasks\At28.job
[24/03/2009 02:00][--a------] C:\WINDOWS\tasks\At26.job
[31/03/2009 22:00][--a------] C:\WINDOWS\tasks\At23.job
[31/03/2009 23:00][--a------] C:\WINDOWS\tasks\At24.job
[31/03/2009 21:00][--a------] C:\WINDOWS\tasks\At22.job
[31/03/2009 20:00][--a------] C:\WINDOWS\tasks\At21.job
[28/03/2009 19:00][--a------] C:\WINDOWS\tasks\At19.job
[29/03/2009 19:00][--a------] C:\WINDOWS\tasks\At20.job
[29/03/2009 17:00][--a------] C:\WINDOWS\tasks\At18.job
[29/03/2009 16:00][--a------] C:\WINDOWS\tasks\At17.job
[27/03/2009 16:00][--a------] C:\WINDOWS\tasks\At16.job
[26/03/2009 15:00][--a------] C:\WINDOWS\tasks\At15.job
[29/03/2009 13:00][--a------] C:\WINDOWS\tasks\At14.job
[31/03/2009 12:00][--a------] C:\WINDOWS\tasks\At13.job
[31/03/2009 10:00][--a------] C:\WINDOWS\tasks\At11.job
[23/02/2009 10:00][--a------] C:\WINDOWS\tasks\At10.job
[31/03/2009 11:00][--a------] C:\WINDOWS\tasks\At12.job
[04/10/2008 08:00][--a------] C:\WINDOWS\tasks\At9.job
[30/06/2007 07:00][--a------] C:\WINDOWS\tasks\At8.job
[17/06/2007 15:32][--a------] C:\WINDOWS\tasks\At7.job
[09/05/2008 04:00][--a------] C:\WINDOWS\tasks\At5.job
[09/05/2008 05:00][--a------] C:\WINDOWS\tasks\At6.job
[29/11/2008 04:00][--a------] C:\WINDOWS\tasks\At4.job
[23/11/2008 03:00][--a------] C:\WINDOWS\tasks\At3.job
[24/03/2009 02:00][--a------] C:\WINDOWS\tasks\At2.job
[01/04/2009 00:00][--a------] C:\WINDOWS\tasks\At1.job
[31/03/2009 23:58][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/08/2001 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[09/12/2008|21:38] C:\Program Files\ABBYY FineReader 6.0 Sprint
[24/06/2008|22:56] C:\Program Files\adaptateur firewire INDEO
[25/06/2008|18:59] C:\Program Files\Adobe
[26/04/2008|15:31] C:\Program Files\Apple Software Update
[26/03/2009|23:29] C:\Program Files\ArchiCAD 12
[06/04/2006|10:55] C:\Program Files\ASUSTek
[31/12/2008|16:09] C:\Program Files\AutoCAD 2008
[24/03/2009|00:56] C:\Program Files\Autodesk Revit Building 8.1
[31/12/2008|16:02] C:\Program Files\Autodesk, 3DS max
[25/03/2009|17:37] C:\Program Files\BitComet
[20/01/2008|22:26] C:\Program Files\Bonjour
[27/06/2008|19:08] C:\Program Files\CARTE SON
[06/04/2006|10:55] C:\Program Files\CyberLink
[25/06/2008|15:22] C:\Program Files\Cycling '74
[08/12/2008|13:25] C:\Program Files\epson
[31/03/2009|12:59] C:\Program Files\ESET
[25/03/2009|17:38] C:\Program Files\Fichiers communs
[12/12/2006|11:08] C:\Program Files\Free
[21/02/2009|20:20] C:\Program Files\Google
[16/10/2008|18:52] C:\Program Files\Google SketchUp 6
[24/09/2008|11:20] C:\Program Files\Graphisoft
[31/03/2009|11:27] C:\Program Files\HijackThis
[09/11/2007|23:36] C:\Program Files\HP
[06/04/2006|12:30] C:\Program Files\HPQ
[11/12/2008|22:30] C:\Program Files\InstallShield Installation Information
[06/04/2006|12:14] C:\Program Files\Intel
[20/12/2008|10:56] C:\Program Files\Internet Explorer
[26/04/2008|14:50] C:\Program Files\iPod
[26/04/2008|14:50] C:\Program Files\iTunes
[27/09/2007|16:32] C:\Program Files\Java
[06/04/2006|10:21] C:\Program Files\microsoft frontpage
[26/04/2006|11:36] C:\Program Files\Microsoft IntelliPoint
[31/12/2008|16:00] C:\Program Files\Microsoft Office
[06/04/2006|12:47] C:\Program Files\Microsoft Visual Studio
[06/04/2006|12:47] C:\Program Files\Microsoft Works
[06/04/2006|12:51] C:\Program Files\Microsoft.NET
[20/02/2009|18:55] C:\Program Files\Movie Maker
[01/04/2009|00:00] C:\Program Files\Mozilla Firefox
[20/12/2008|11:28] C:\Program Files\MSBuild
[06/04/2006|10:15] C:\Program Files\MSN
[06/04/2006|10:16] C:\Program Files\MSN Gaming Zone
[26/02/2007|23:51] C:\Program Files\MSN Messenger
[06/04/2006|11:59] C:\Program Files\Nero
[06/04/2006|10:18] C:\Program Files\NetMeeting
[06/04/2006|10:18] C:\Program Files\Outlook Express
[25/02/2009|11:58] C:\Program Files\PDFCreator
[25/02/2009|11:57] C:\Program Files\pdfforge Toolbar
[02/03/2008|23:29] C:\Program Files\PeerGuardian2
[25/03/2009|14:34] C:\Program Files\photoshop
[29/06/2008|18:30] C:\Program Files\PIXELA
[12/12/2008|11:09] C:\Program Files\postit
[25/06/2008|15:15] C:\Program Files\PreSonus-carte son
[26/04/2008|14:44] C:\Program Files\QuickTime
[20/12/2008|11:14] C:\Program Files\Reference Assemblies
[20/12/2008|10:44] C:\Program Files\Rhinoceros 4.0
[06/04/2006|12:34] C:\Program Files\Sigmatel
[07/11/2007|23:16] C:\Program Files\Sony Corporation
[25/06/2008|15:47] C:\Program Files\Steinberg
[25/06/2008|15:45] C:\Program Files\Syncrosoft
[31/03/2009|11:28] C:\Program Files\Trend Micro
[06/04/2006|10:35] C:\Program Files\Uninstall Information
[06/04/2006|10:55] C:\Program Files\VideoLAN
[27/09/2007|16:54] C:\Program Files\WIBUKEY
[27/09/2007|16:54] C:\Program Files\WIBU-SYSTEMS
[25/06/2008|15:04] C:\Program Files\Windows Media Components
[02/01/2007|20:03] C:\Program Files\Windows Media Connect 2
[30/12/2006|19:25] C:\Program Files\Windows Media Player
[06/04/2006|10:15] C:\Program Files\Windows NT
[06/04/2006|10:19] C:\Program Files\WindowsUpdate
[28/09/2007|00:20] C:\Program Files\WinRAR
[06/04/2006|10:21] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[10/01/2008|22:10] C:\Program Files\Fichiers communs\Adobe
[10/11/2007|00:11] C:\Program Files\Fichiers communs\Adobe Systems Shared
[06/04/2006|11:59] C:\Program Files\Fichiers communs\Ahead
[06/07/2007|09:41] C:\Program Files\Fichiers communs\Apple
[26/04/2006|11:04] C:\Program Files\Fichiers communs\ArcSoft
[24/03/2009|00:57] C:\Program Files\Fichiers communs\Autodesk Shared
[25/06/2008|15:22] C:\Program Files\Fichiers communs\Cycling '74
[31/12/2008|16:01] C:\Program Files\Fichiers communs\DESIGNER
[25/06/2008|15:22] C:\Program Files\Fichiers communs\Digidesign
[05/11/2006|18:32] C:\Program Files\Fichiers communs\Hewlett-Packard
[05/11/2006|18:37] C:\Program Files\Fichiers communs\HP
[25/06/2008|15:03] C:\Program Files\Fichiers communs\InstallShield
[27/09/2007|16:32] C:\Program Files\Fichiers communs\Java
[01/12/2007|13:56] C:\Program Files\Fichiers communs\Macrovision Shared
[31/12/2008|16:00] C:\Program Files\Fichiers communs\Microsoft Shared
[06/04/2006|10:18] C:\Program Files\Fichiers communs\MSSoap
[07/11/2007|23:16] C:\Program Files\Fichiers communs\muvee Technologies
[06/04/2006|12:10] C:\Program Files\Fichiers communs\ODBC
[06/04/2006|10:18] C:\Program Files\Fichiers communs\Services
[26/04/2006|11:04] C:\Program Files\Fichiers communs\SPC610NC
[06/04/2006|12:10] C:\Program Files\Fichiers communs\SpeechEngines
[06/04/2006|12:46] C:\Program Files\Fichiers communs\System
[25/06/2008|15:03] C:\Program Files\Fichiers communs\Ulead Systems

--------------------\\ Process

( 61 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 00:58:23
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
? [9188]
? [31360]
scanning hidden files ...
C:\WINDOWS\System32\Install.txt
scan completed successfully
hidden processes: 2
hidden files: 535

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

C:\WINDOWS\system32\yHkjlnnn.ini
C:\WINDOWS\system32\yHkjlnnn.ini2
C:\WINDOWS\system32\nnnljkHy.dll.vir
[b]==> VUNDO <==[/b]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\CHARLO~1\Mes documents\Torrents\BitComet\Torrents\Rhinoceros 3.0+crack.rar.torrent
C:\DOCUME~1\CHARLO~1\Recent\Google.SketchUp.Pro.6.KeyGen-acme (2).lnk


[F:6649][D:318]-> C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\CHARLO~1\Cookies
[F:56][D:5]-> C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 31/03/2009|23:52 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 01/04/2009| 1:13 - Option : [2]
0
CharlieMusic Posts 30 Registration date Tuesday 31 March 2009 Status Member Last intervention 4 April 2009
1 April 2009 at 11:30
and here is the report after SDFix

[b]SDFix: Version 1.240 [/b]
Run by Charlotte on 01/04/2009 at 10:12

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

[b]Name [/b]:
restore

[b]Path [/b]:
\??\C:\WINDOWS\system32\drivers\restore.sys

restore - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\Charlotte\Local Settings\Temp\Google Toolbar\gtb2F9.tmp.exe - Deleted
C:\WINDOWS\system32\w.exe - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\3.tmp - Deleted
C:\WINDOWS\system32\5.tmp - Deleted
C:\WINDOWS\system32\7.tmp - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\A.tmp - Deleted
C:\WINDOWS\services.exe - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 11:15:27
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Documents and Settings\\Charlotte\\Mes documents\\Torrents\\BitComet\\BitComet.exe"="C:\\Documents and Settings\\Charlotte\\Mes documents\\Torrents\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\WIBUKEY\\Server\\WkSvW32.exe"="C:\\Program Files\\WIBUKEY\\Server\\WkSvW32.exe:*:Enabled:WIBU-KEY Network Server"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\ArchiCAD 11\\ArchiCAD 11\\ArchiCAD.exe"="C:\\Program Files\\ArchiCAD 11\\ArchiCAD 11\\ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component"
"C:\\Program Files\\ArchiCAD 12\\ArchiCAD.exe"="C:\\Program Files\\ArchiCAD 12\\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component"
"C:\\Downloads\\Memo\\Memo.exe"="C:\\Downloads\\Memo\\Memo.exe:*:Enabled:Desktop tool"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:lsass"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exe:*:Enabled:services"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:RUNDLL32"
"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier"
"C:\\Documents and Settings\\Charlotte\\Local Settings\\Temp\\Google Toolbar\\gtb2F9.tmp.exe"="C:\\Documents and Settings\\Charlotte\\Local Settings\\Temp\\Google Toolbar\\gtb2F9.tmp.exe:*:Enabled:gtb2F9.tmp"
"C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"="C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7DEBUG\\MDM.EXE:*:Enabled:MDM"
"C:\\Program Files\\ESET\\nod32krn.exe"="C:\\Program Files\\ESET\\nod32krn.exe:*:Enabled:nod32krn"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\\WINDOWS\\system32\\3361\\svchost.exe"="C:\\WINDOWS\\system32\\3361\\svchost.exe:*:Enabled:SVCHOST.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 30 Mar 2009 125,724 ..SHR --- "C:\RECYCLER\S-1-5-21-0519043935-3322464399-006458258-7844\hd1.exe"
Thu 6 Apr 2006 56 ..SHR --- "C:\WINDOWS\system32\53A3F24E55.sys"
Thu 19 Mar 2009 141,824 A.SH. --- "C:\WINDOWS\system32\ascjsa.dll"
--- 64,743 A.SH. --- "C:\WINDOWS\system32\begimepo.dll.tmp"
Fri 6 Mar 2009 2,157 ..SH. --- "C:\WINDOWS\system32\bidapako.dll"
Sun 29 Mar 2009 61,440 A.SH. --- "C:\WINDOWS\system32\bisoloku.exe"
Sun 8 Feb 2009 72,413 A.SH. --- "C:\WINDOWS\system32\buhegavu.dll"
--- 67,072 A.SH. --- "C:\WINDOWS\system32\buyaneju.dll.tmp"
Tue 17 Mar 2009 142,848 A.SH. --- "C:\WINDOWS\system32\dahovibo.dll"
Fri 27 Feb 2009 4,096 ..SH. --- "C:\WINDOWS\system32\dejufedu.dll"
Wed 4 Mar 2009 70,892 A.SH. --- "C:\WINDOWS\system32\derinade.dll"
Tue 10 Mar 2009 106,496 A.SH. --- "C:\WINDOWS\system32\dojapode.dll"
--- 107,520 A.SH. --- "C:\WINDOWS\system32\dotipiwu.dll"
--- 94,208 A.SH. --- "C:\WINDOWS\system32\dowileyi.dll"
Sat 21 Mar 2009 141,312 A.SH. --- "C:\WINDOWS\system32\dtxjyi.dll"
Thu 26 Feb 2009 23,247 ..SH. --- "C:\WINDOWS\system32\dunuhobu.dll"
--- 94,208 A.SH. --- "C:\WINDOWS\system32\duweweba.dll"
Fri 20 Mar 2009 141,824 A.SH. --- "C:\WINDOWS\system32\fagsaa.dll"
Thu 5 Mar 2009 107,520 A.SH. --- "C:\WINDOWS\system32\fayebuzu.dll"
Tue 31 Mar 2009 84,768 A.SH. --- "C:\WINDOWS\system32\fegusire.exe"
Wed 25 Mar 2009 100,864 A.SH. --- "C:\WINDOWS\system32\foyorere.dll"
Tue 31 Mar 2009 522 ..SH. --- "C:\WINDOWS\system32\getovojo.exe"
Fri 6 Mar 2009 105,984 A.SH. --- "C:\WINDOWS\system32\gitadumi.dll"
--- 108,544 A.SH. --- "C:\WINDOWS\system32\goputomo.dll"
Mon 23 Mar 2009 107,520 A.SH. --- "C:\WINDOWS\system32\guvodudi.dll"
Tue 3 Mar 2009 23,307 ..SH. --- "C:\WINDOWS\system32\hilemebu.dll"
--- 142,336 A.SH. --- "C:\WINDOWS\system32\hivezuto.dll"
Thu 22 Jan 2009 65,321 A.SH. --- "C:\WINDOWS\system32\hodajupi.dll"
Sun 15 Mar 2009 23,450 ..SH. --- "C:\WINDOWS\system32\hosezora.dll"
--- 73,924 A.SH. --- "C:\WINDOWS\system32\hovogove.dll"
Tue 24 Mar 2009 2,157 ..SH. --- "C:\WINDOWS\system32\jaguwuyi.exe"
--- 108,544 A.SH. --- "C:\WINDOWS\system32\jazejumi.dll"
Tue 31 Mar 2009 99,840 A.SH. --- "C:\WINDOWS\system32\jazijase.dll"
Sat 21 Mar 2009 141,312 A.SH. --- "C:\WINDOWS\system32\jazuyana.dll"
Sat 28 Mar 2009 105,472 A.SH. --- "C:\WINDOWS\system32\jelukahu.dll"
Tue 31 Mar 2009 105,472 A.SH. --- "C:\WINDOWS\system32\jobagiyu.dll"
--- 64,743 A.SH. --- "C:\WINDOWS\system32\josoguyi.dll.tmp"
Thu 19 Mar 2009 106,496 A.SH. --- "C:\WINDOWS\system32\junefare.dll"
Sat 21 Mar 2009 106,496 A.SH. --- "C:\WINDOWS\system32\juriyuyi.dll"
--- 142,336 A.SH. --- "C:\WINDOWS\system32\kavumefe.dll"
Mon 10 Apr 2006 6,372 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 25 Mar 2009 107,008 A.SH. --- "C:\WINDOWS\system32\kimulizi.dll"
Thu 26 Feb 2009 23,307 ..SH. --- "C:\WINDOWS\system32\kirenalo.dll"
Mon 30 Mar 2009 99,840 A.SH. --- "C:\WINDOWS\system32\kivereza.dll"
Mon 30 Mar 2009 61,440 A.SH. --- "C:\WINDOWS\system32\kivigoru.exe"
Sat 10 Jan 2009 66,860 A.SH. --- "C:\WINDOWS\system32\kozibala.dll"
Sun 15 Mar 2009 4,096 ..SH. --- "C:\WINDOWS\system32\lakovazo.dll"
--- 143,360 A.SH. --- "C:\WINDOWS\system32\lejorude.dll"
Wed 18 Mar 2009 140,800 A.SH. --- "C:\WINDOWS\system32\lsgysp.dll"
Sat 21 Feb 2009 109,825 A.SH. --- "C:\WINDOWS\system32\lutovute.dll"
Fri 16 Jan 2009 64,743 A.SH. --- "C:\WINDOWS\system32\luyenofe.dll"
--- 11,264 A.SH. --- "C:\WINDOWS\system32\marujate.dll"
Fri 6 Mar 2009 2,157 ..SH. --- "C:\WINDOWS\system32\meridewa.dll"
Fri 20 Mar 2009 107,520 A.SH. --- "C:\WINDOWS\system32\meyeyihi.dll"
Tue 31 Mar 2009 99,840 A.SH. --- "C:\WINDOWS\system32\modubelo.dll"
Tue 31 Mar 2009 105,472 A.SH. --- "C:\WINDOWS\system32\mokuheva.dll"
--- 67,072 A.SH. --- "C:\WINDOWS\system32\munokesu.dll.tmp"
Wed 11 Mar 2009 108,032 A.SH. --- "C:\WINDOWS\system32\muwatibi.dll"
--- 142,336 A.SH. --- "C:\WINDOWS\system32\nadusifa.dll"
Tue 10 Feb 2009 72,380 A.SH. --- "C:\WINDOWS\system32\navifaya.dll"
Tue 31 Mar 2009 84,768 A.SH. --- "C:\WINDOWS\system32\nifodiyu.exe"
--- 108,544 A.SH. --- "C:\WINDOWS\system32\nohisoye.dll"
--- 107,520 A.SH. --- "C:\WINDOWS\system32\noweripe.dll"
Tue 31 Mar 2009 105,472 A.SH. --- "C:\WINDOWS\system32\nuvoyijo.dll"
Mon 23 Mar 2009 140,800 A.SH. --- "C:\WINDOWS\system32\ooytoc.dll"
Sat 28 Mar 2009 61,440 A.SH. --- "C:\WINDOWS\system32\panasoba.exe"
--- 73,924 A.SH. --- "C:\WINDOWS\system32\payezavu.dll"
--- 73,924 A.SH. --- "C:\WINDOWS\system32\pejokehe.dll"
Thu 5 Feb 2009 72,982 A.SH. --- "C:\WINDOWS\system32\pisuvedi.dll"
--- 108,544 A.SH. --- "C:\WINDOWS\system32\pohudodi.dll"
Thu 5 Mar 2009 107,008 A.SH. --- "C:\WINDOWS\system32\polekove.dll"
Sun 22 Feb 2009 2,157 ..SH. --- "C:\WINDOWS\system32\raferafo.dll"
Fri 9 Jan 2009 2,157 ..SH. --- "C:\WINDOWS\system32\ribegaja.exe"
--- 64,743 A.SH. --- "C:\WINDOWS\system32\rigiwoti.dll.tmp"
Mon 30 Mar 2009 105,472 A.SH. --- "C:\WINDOWS\system32\rijilutu.dll"
Tue 17 Mar 2009 108,032 A.SH. --- "C:\WINDOWS\system32\roliwiza.dll"
--- 107,520 A.SH. --- "C:\WINDOWS\system32\rufupiba.dll"
Tue 31 Mar 2009 105,472 A.SH. --- "C:\WINDOWS\system32\ruludoji.dll"
--- 94,208 A.SH. --- "C:\WINDOWS\system32\rupetapa.dll"
Sat 7 Mar 2009 107,008 A.SH. --- "C:\WINDOWS\system32\segivubo.dll"
Sun 22 Feb 2009 2,157 ..SH. --- "C:\WINDOWS\system32\semajosu.dll"
Wed 18 Mar 2009 107,520 A.SH. --- "C:\WINDOWS\system32\sidikeyu.dll"
--- 46,080 A.SH. --- "C:\WINDOWS\system32\sifajade.dll"
--- 70,892 A.SH. --- "C:\WINDOWS\system32\siruguhu.dll"
--- 70,892 A.SH. --- "C:\WINDOWS\system32\soziredo.dll"
Wed 28 Jan 2009 63,703 A.SH. --- "C:\WINDOWS\system32\takamegu.dll"
Sun 22 Mar 2009 142,336 A.SH. --- "C:\WINDOWS\system32\tebutago.dll"
Sun 8 Mar 2009 108,032 A.SH. --- "C:\WINDOWS\system32\temekatu.dll"
Wed 4 Mar 2009 107,520 A.SH. --- "C:\WINDOWS\system32\tigefeki.dll"
Sun 29 Mar 2009 105,472 A.SH. --- "C:\WINDOWS\system32\tipifipo.dll"
--- 107,520 A.SH. --- "C:\WINDOWS\system32\torajigu.dll"
Fri 20 Mar 2009 141,824 A.SH. --- "C:\WINDOWS\system32\tukuhegu.dll"
Fri 27 Mar 2009 104,960 A.SH. --- "C:\WINDOWS\system32\vabazaja.dll"
Sun 22 Feb 2009 2,157 ..SH. --- "C:\WINDOWS\system32\vewalimu.dll"
Mon 23 Mar 2009 140,800 A.SH. --- "C:\WINDOWS\system32\vivuyayo.dll"
Wed 18 Mar 2009 140,800 A.SH. --- "C:\WINDOWS\system32\vubuvuha.dll"
Thu 19 Mar 2009 141,824 A.SH. --- "C:\WINDOWS\system32\wafiguvu.dll"
--- 143,360 A.SH. --- "C:\WINDOWS\system32\wapifiwa.dll"
--- 142,336 A.SH. --- "C:\WINDOWS\system32\wezewugi.dll"
Tue 31 Mar 2009 104,448 A.SH. --- "C:\WINDOWS\system32\wifokuvi.dll"
Tue 3 Mar 2009 23,309 ..SH. --- "C:\WINDOWS\system32\wigimogo.dll"
Tue 20 Jan 2009 64,221 A.SH. --- "C:\WINDOWS\system32\wijuhalu.dll"
Tue 31 Mar 2009 99,840 A.SH. --- "C:\WINDOWS\system32\wiwejive.dll"
--- 107,520 A.SH. --- "C:\WINDOWS\system32\wiyirive.dll"
Tue 3 Feb 2009 63,690 A.SH. --- "C:\WINDOWS\system32\wudifobu.dll"
--- 107,520 A.SH. --- "C:\WINDOWS\system32\wulubuvo.dll"
Tue 2 Jan 2007 9 A..H. --- "C:\WINDOWS\system32\wxmmin.dll"
Tue 17 Mar 2009 142,848 A.SH. --- "C:\WINDOWS\system32\xywxoa.dll"
Sun 22 Mar 2009 106,496 A.SH. --- "C:\WINDOWS\system32\yakivase.dll"
--- 142,336 A.SH. --- "C:\WINDOWS\system32\yasijote.dll"
Mon 30 Mar 2009 61,440 A.SH. --- "C:\WINDOWS\system32\yekotafo.exe"
Fri 27 Mar 2009 61,440 A.SH. --- "C:\WINDOWS\system32\yeruduki.exe"
Mon 26 Jan 2009 70,818 A.SH. --- "C:\WINDOWS\system32\yezidayo.dll"
Sun 22 Mar 2009 142,336 A.SH. --- "C:\WINDOWS\system32\yznzzh.dll"
--- 142,336 A.SH. --- "C:\WINDOWS\system32\zehigipu.dll"
Fri 20 Feb 2009 108,849 A.SH. --- "C:\WINDOWS\system32\zeraseba.dll"
Thu 12 Feb 2009 73,924 A.SH. --- "C:\WINDOWS\system32\zezosivi.dll"
Sun 22 Feb 2009 2,157 ..SH. --- "C:\WINDOWS\system32\zibibozi.dll"
--- 67,072 A.SH. --- "C:\WINDOWS\system32\zitajalu.dll.tmp"
--- 70,892 A.SH. --- "C:\WINDOWS\system32\zitakihu.dll"
Sun 16 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 30 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 12 Feb 2007 3,117,056 A..H. --- "C:\Documents and Settings\Charlotte\Application Data\U3\temp\Launchpad Removal.exe"

[b]Finished![/b]
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last intervention 30 December 2012 463
1 April 2009 at 13:33
Good ...


let's continue .... in order:


1- Download CCleaner:
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
or https://www.pcastuces.com/logitheque/ccleaner.htm
This software will remove all temporary files and fix your registry.
During installation:
-make sure to choose "French" as the language.
-before clicking the "install" button, uncheck all the "additional options" except the first 2.

A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm


---> Usage:
*Uncheck in the Options menu - Advanced submenu:
Only delete files in the Windows Temp folder older than 48 hours.

! disconnect and close all running applications !

* go to "cleaner": do -analyze- then -run cleaner-
* go to "registry": do -scan for errors- and -fix all errors-
(several times until there are no more errors).

(CCleaner: a tool to keep on your PC, very useful for good cleanups...)


=============================

2- Download MalwareByte's:
here http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
or here: http://www.malwarebytes.org/mbam.php

* Install it (make sure to choose "French"; don't change the install settings) and update it.

(NB: If you are missing "COMCTL32.OCX" during the install, then download it here: https://www.malekal.com/tutorial-aboutbuster/)

* Study the tutorial to get familiar with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very simple to use).

! Disconnect and close all running applications !

* Launch Malwarebyte's.

Run a "Quick" scan.

--> Let the program work (and don't do anything else with the PC during the scan).
--> at the end click on "results".
--> Check that all infected objects are ticked, then click on "remove".

Note: if the PC needs to be restarted to finish the cleanup, do it!

Post the report saved after the removal of the infected objects (in the "report/log" tab of Malwarebytes, the most recent one),
along with a new RSIT report for analysis...




0
CharlieMusic Posts 30 Registration date Tuesday 31 March 2009 Status Member Last intervention 4 April 2009
2 April 2009 at 00:23
I did the steps as planned, but it bugged out at the quarantine step in the Malwarebytes program.... so I had to stop it and made an RSIT report, here it is:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Charlotte at 2009-04-02 00:17:29
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 11 GB (11%) free of 95 GB
Total RAM: 1022 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:16, on 31/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\BN1.tmp
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\3361\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\mdm32.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\n9sq5h7g.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\3652853832.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\n9sq5h7g.exe
C:\Documents and Settings\Charlotte\reader_s.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Charlotte\reader_s.exe
C:\Documents and Settings\Charlotte\Application Data\nidle\nidle.exe
C:\WINDOWS\system32\tdctxte.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\VPro610.exe
C:\WINDOWS\system32\mstd.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\n9sq5h7g.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\n9sq5h7g.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\n9sq5h7g.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\n9sq5h7g.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\n9sq5h7g.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\n9sq5h7g.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\Charlotte.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.13.6:3333
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: C:\WINDOWS\system32\nhser43uhjnefr.dll - {C2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\nhser43uhjnefr.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {f3ce92c3-e612-4370-bfbe-d19c0ce2d438} - C:\WINDOWS\system32\siruguhu.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\svchost.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [CPMf73825c5] Rundll32.exe "c:\windows\system32\wifokuvi.dll",a
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\svchost.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HardTruckTycoonSetup.exe] C:\DOCUME~1\CHARLO~1\Bureau\HARDTR~1.EXE /r
O4 - HKCU\..\Run: [Tons Corn] C:\DOCUME~1\CHARLO~1\APPLIC~1\MATHCD~1\list proxy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SDF8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\3652853832.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Charlotte\reader_s.exe
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Charlotte\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B38557AFA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [] C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\n9sq5h7g.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\n9sq5h7g.exe
O4 - HKUS\S-1-5-19\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Charlotte\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\postit\PsnLite.exe
O4 - Global Startup: VProperty.lnk = C:\WINDOWS\VPro610.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} (CDiscountObj Class) - https://order.cdiscount.com/Account/LoginLight.html?referrer=https://clients.cdiscount.com%2Ferror%2F404.aspx%3F404%3Bhttp%3A%2F%2Fclients.cdiscount.com%3A100%2Forder%2Ftechcity%2Factivex%2Fcdiscount.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL (file missing)
O20 - AppInit_DLLs: jat.dll kbiihf.dll C:\WINDOWS\system32\zitakihu.dll xywxoa.dll lsgysp.dll ascjsa.dll fagsaa.dll dtxjyi.dll yznzzh.dll ooytoc.dll c:\windows\system32\fifugiku.dll c:\windows\system32\wifokuvi.dll
O20 - Winlogon Notify: efcYRjIA - efcYRjIA.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wifokuvi.dll
O22 - SharedTaskScheduler: kjm6t5rinmhp8o87t7r6gh - {C2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\nhser43uhjnefr.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wifokuvi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
CharlieMusic Posts 30 Registration date Tuesday 31 March 2009 Status Member Last activity 4 April 2009
2 April 2009 at 00:47
I managed to run Malwarebytes all the way through... I ran it twice in a row (the first time there were around 160 infections, the second time only 1). Here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1904
Windows 5.1.2600 Service Pack 2

02/04/2009 00:44:29
mbam-log-2009-04-02 (00-44-29).txt

Type de recherche: Examen rapide
Eléments examinés: 68607
Temps écoulé: 3 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
CharlieMusic Posts 30 Registration date Tuesday 31 March 2009 Status Member Last activity 4 April 2009
2 April 2009 at 00:47
and the RSIT that followed:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Charlotte at 2009-04-02 00:44:45
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 11 GB (11%) free of 95 GB
Total RAM: 1022 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:40:14, on 02/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mstd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\VPro610.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\Charlotte.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.13.6:3333
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {C2BA40A2-74F3-42BD-F434-2604812C8954} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SDF8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BitComet] "C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\postit\PsnLite.exe
O4 - Global Startup: VProperty.lnk = C:\WINDOWS\VPro610.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} - https://order.cdiscount.com/Account/LoginLight.html?referrer=https://clients.cdiscount.com%2Ferror%2F404.aspx%3F404%3Bhttp%3A%2F%2Fclients.cdiscount.com%3A100%2Forder%2Ftechcity%2Factivex%2Fcdiscount.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - AppInit_DLLs: jat.dll kbiihf.dll xywxoa.dll lsgysp.dll ascjsa.dll fagsaa.dll dtxjyi.dll yznzzh.dll ooytoc.dll c:\windows\system32\fifugiku.dll
O20 - Winlogon Notify: efcYRjIA - efcYRjIA.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
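The first pass a helper makes over a HijackThis log like the one just above is a pattern search: proxy settings in R1, nameless BHOs in O2, O4 autoruns with an empty value name or launched from a Temp directory, O7 policy restrictions, a populated AppInit_DLLs list, Winlogon Notify packages whose DLL is gone, and O23 services with no publisher. The script below automates that triage. It is an added example, not code from this thread or from HijackThis; the sample log it parses is constructed in the same format as the logs above, with placeholder file and DLL names rather than real indicators.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Locations from which legitimate software practically never autostarts.
# They are matched case-insensitively against the command part of an O4 line.
TEMP_MARKERS = ("\\locals~1\\temp\\", "\\local settings\\temp\\", "\\windows\\temp\\")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section prefix, e.g. "O4"
    reason: str   # why a helper would look twice at this entry
    line: str     # the log line itself, unchanged


# Shape of an autorun entry: O4 - <hive>\..\Run: [<value name>] <command> (User '<x>')
_O4_RE = re.compile(r"^O4 - (?P<hive>.+?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def triage_line(line: str) -> List[Finding]:
    """Return the red flags raised by one HijackThis log line (possibly none)."""
    s = line.strip()
    found: List[Finding] = []
    if s.startswith("R1 - ") and ",ProxyServer = " in s:
        found.append(Finding("R1", "Internet Explorer is configured to use a proxy server", s))
    elif s.startswith("O2 - BHO: (no name)"):
        found.append(Finding("O2", "browser helper object registered without a display name", s))
    elif s.startswith("O4 - "):
        m = _O4_RE.match(s)
        if m:
            if m.group("name") == "":
                found.append(Finding("O4", "autorun value with an empty name", s))
            if any(marker in m.group("cmd").lower() for marker in TEMP_MARKERS):
                found.append(Finding("O4", "autorun starts an executable from a temp directory", s))
    elif s.startswith("O7 - "):
        found.append(Finding("O7", "system policy restriction set (e.g. registry editor disabled)", s))
    elif s.startswith("O20 - AppInit_DLLs:"):
        dlls = s.split(":", 1)[1].split()
        if dlls:
            bare = sum(1 for d in dlls if "\\" not in d)
            found.append(Finding(
                "O20",
                f"AppInit_DLLs injects {len(dlls)} DLL(s) into every process, "
                f"{bare} given without a full path",
                s))
    elif s.startswith("O20 - Winlogon Notify:") and "(file missing)" in s:
        found.append(Finding("O20", "Winlogon notification package points at a DLL that no longer exists", s))
    elif s.startswith("O23 - Service:") and " - Unknown owner - " in s:
        found.append(Finding("O23", "service without publisher information; verify the binary", s))
    return found


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and collect the findings."""
    return [f for line in text.splitlines() for f in triage_line(line)]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per HijackThis section, e.g. {"O4": 4, "O20": 2}."""
    return dict(Counter(f.section for f in findings))


# Constructed sample in the same format as the logs above; the file and DLL
# names are placeholders, not real indicators.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.invalid
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.2.10:3333
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\placeholder1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [] C:\DOCUME~1\USER~1\LOCALS~1\Temp\placeholder2.exe
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\placeholder3.exe (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: placeholder4.dll placeholder5.dll c:\windows\system32\placeholder6.dll
O20 - Winlogon Notify: placeholder7 - placeholder7.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: placeholder8 Service (placeholder8) - Unknown owner - C:\WINDOWS\system32\placeholder8.exe
"""

if __name__ == "__main__":
    findings = triage_log(SAMPLE_LOG)
    for f in findings:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summarize(findings))
```

The rules are deliberately coarse: an "Unknown owner" service or a proxy entry is a prompt to verify, not a verdict, which is why each finding carries the original line so the reviewer can check the path, the publisher and the signature before deciding what to remove.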
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
2 April 2009 at 07:57
Re,

the first time there were around 160 infections

-> I need the report for that scan please! .... ^^


Then do the following, in order:


1- Run CCleaner again (registry included)


==================================


2- Download ComboFix (by sUBs) to your Desktop (and nowhere else!):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


--------------------------------- [ ! WARNING ! ] ------------------------------------------
!! Disconnect from the internet, close your running applications (including your browser) and DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) for the duration of the procedure:
if they are active, they could seriously interfere with the tool's scanning and cleaning (or even crash the PC)... So you will re-enable them afterwards!!
--->Important: if you run into difficulties at this point, let me know before continuing...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note: on XP, make sure to install the Windows Recovery Console as described in the tutorial above...
--------------------------------------------------------------------------------------------


Then:
double-click the "combofix.exe" icon to launch the tool.

Press the Y key (Yes) to start the scan.

Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
-> The PC may restart on its own (to finish the cleaning); let it do so.
-> If the tool tells you: "combofix has detected the presence of a rootkit and needs to restart your machine", accept...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and nothing else! otherwise no report...)

The report will be created here: C:\Combofix.txt

Re-enable your defenses.


Post the ComboFix report for analysis and wait for the next step...


0
CharlieMusic Posts 30 Registration date Tuesday 31 March 2009 Status Member Last activity 4 April 2009
2 April 2009 at 09:44
here is the report with the 166 errors... I'm continuing with the rest :)
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1904
Windows 5.1.2600 Service Pack 2

02/04/2009 00:34:48
mbam-log-2009-04-02 (00-34-48).txt

Type de recherche: Examen rapide
Eléments examinés: 70405
Temps écoulé: 5 minute(s), 40 second(s)

Processus mémoire infecté(s): 7
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 47
Valeur(s) du Registre infectée(s): 15
Elément(s) de données du Registre infecté(s): 12
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 166

Processus mémoire infecté(s):
C:\Documents and Settings\Charlotte\Application Data\nidle\nidle.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Charlotte\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\tdctxte.exe (Backdoor.Bot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\magagovi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zitakihu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\siruguhu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\soziredo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kofidutu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kbiihf.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\wifokuvi.dll (Trojan.BHO) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3ce92c3-e612-4370-bfbe-d19c0ce2d438} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f3ce92c3-e612-4370-bfbe-d19c0ce2d438} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2ba40a2-74f3-42bd-f434-2604812c8954} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f3ce92c3-e612-4370-bfbe-d19c0ce2d438} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{92efcd14-3d4e-416d-a100-37d8804861f6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{92efcd14-3d4e-416d-a100-37d8804861f6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12f879aa-5626-47e2-beec-c155d44b719d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12f879aa-5626-47e2-beec-c155d44b719d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA (Adware.TargetSaver) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\softyinforwow1 (Trojan.PWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OKME\softyinforwow1 (Trojan.PWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f40b1659 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lodohiweti (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf73825c5 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c2ba40a2-74f3-42bd-f434-2604812c8954} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nidle (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zitakihu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\zitakihu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zitakihu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kofidutu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kofidutu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\wifokuvi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\wifokuvi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnljkhy -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Application Data\nidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\bapduhlo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olhudpab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\beziseno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onesizeb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkwossmh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hmssowkb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blqssabn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nbassqlb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbslubxk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kxbulsbd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fupipivo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovipipuf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\glflauix.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xiualflg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iiprkqcn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncqkrpii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikgknbir.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ribnkgki.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jliyocpk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kpcoyilj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lwmmofbx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xbfommwl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\magagovi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ivogagam.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivogagam.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mpprxfyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oyfxrppm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nafojgcp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pcgjofan.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nokkyjeo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oejykkon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spkysqoi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ioqsykps.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiwejive.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evijewiw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soziredo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kofidutu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\siruguhu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nhser43uhjnefr.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\zitakihu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kbiihf.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\WWShow\WWShow.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wifokuvi.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\nbaalltk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aiwebt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aoxwmxqe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fbfslgxe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dqgtfr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drwhfqly.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipxiwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\josoguyi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juqnzx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kavumefe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lejorude.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otbjrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phiaij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pisuvedi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pohudodi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwbxymfi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qifbvixn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\siurvcsd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\torajigu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxeulfvl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\goputomo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\begimepo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cusncl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\derinade.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dotipiwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dowileyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\duweweba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eflsrv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hamufw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieglnh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijodtkhy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\munokesu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sqilcmfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsuninst.exe (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ehkashiy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itpymj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshlbs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cncgnoou.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnljkHy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nohisoye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\noweripe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rufupiba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rupetapa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sagbejsa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sbsutt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blqfjbpi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buyaneju.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bzvyxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmyafadt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frwrjfge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wapifiwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hivezuto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hovogove.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nadusifa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\navifaya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rigiwoti.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rkpzxi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wezewugi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wgneig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiyirive.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luopmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lutovute.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luyenofe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxbhmiuy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\payezavu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pejokehe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wyecofty.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wulubuvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eqzpmz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jaidnwjr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jazejumi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jdtwlhdg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjnkhiqc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ksejnnja.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yasijote.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zehigipu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zeraseba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zezosivi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zitajalu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uuayib.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ucpbdsyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugtquj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Application Data\nidle\nidle.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Application Data\nidle\nidle.exe1vi (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Application Data\nidle\nidle.exe9m8 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Application Data\Twain\Twain.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruludoji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXnKApn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXQijJY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkhefG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlKBuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnolIYR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\foyorere.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tigefeki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuranune.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wudifobu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dejufedu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fifugiku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCrSkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGayabA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJAqqpN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vivuyayo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dahovibo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDuUkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfGywuU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Local Settings\Temp\4088860496.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\tdctxte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meyeyihi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\services.ex_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
0
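As an added triage example (not part of the thread and not a Malwarebytes tool), the Python below parses removal-log lines in the format of the report above, groups registry findings by the persistence mechanism they represent, lists what is still pending a reboot, and cross-references DLLs named in registry data with files the scanner also removed. The line grammar in `ENTRY_RE`, the mechanism labels in `PERSISTENCE_RULES` and the function names are my own assumptions; the sample lines are copied from the posted report and trimmed to a handful of entries.

```python
"""Triage helper for a Malwarebytes' Anti-Malware removal log (2009-era format).

Added example, not a Malwarebytes tool: it parses "<target> (<detection>) -> <action>."
lines, groups registry targets by the persistence mechanism they represent, lists
what is still pending a reboot, and cross-references DLLs named in registry data
with files that were also removed.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of lines copied from the report posted above.
SAMPLE_LOG = r"""
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf73825c5 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kofidutu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\zitakihu.dll -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\kofidutu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bapduhlo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

# One finding per line (assumed grammar):
#   <target> (<detection>) -> [Data: <value> -> ] [Bad: (n) Good: (m) -> ] <action>.
ENTRY_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?"
    r"(?:Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\) -> )?"
    r"(?P<action>.+?)\.$"
)

# Registry path fragments (lower-cased) and what loads them; order matters, first hit wins.
PERSISTENCE_RULES = (
    ("appinit_dlls", "AppInit_DLLs: DLL loaded into every process that loads user32.dll"),
    ("\\control\\lsa\\", "LSA package: DLL loaded into lsass.exe at boot"),
    ("\\winlogon\\", "Winlogon value: run by winlogon.exe at logon"),
    ("shellserviceobjectdelayload", "Explorer shell object: loaded with the desktop"),
    ("sharedtaskscheduler", "Explorer shell object: loaded with the desktop"),
    ("\\runonce\\", "RunOnce key: launched at the next logon"),
    ("\\run\\", "Run key: launched at every logon"),
    ("\\services\\", "Service or driver: started by the service control manager"),
)


def parse_log(text):
    """Return one dict per finding; section headers are lines ending in ':'."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # unrecognised line: skip it rather than abort the triage
        entry = m.groupdict()
        entry["section"] = section
        entries.append(entry)
    return entries


def classify(target):
    """Map a registry target to the persistence mechanism it belongs to, or None."""
    t = target.lower()
    if not t.startswith("hkey"):
        return None
    for needle, label in PERSISTENCE_RULES:
        if needle in t:
            return label
    return None


def triage(text):
    entries = parse_log(text)
    report = {
        "total": len(entries),
        "by_detection": Counter(e["detection"] for e in entries),
        "persistence": defaultdict(list),  # mechanism label -> registry targets
        "tampering": [],                    # policy/setting values flipped by the malware
        "pending_reboot": [],               # items the scanner could not remove while running
        "linked_files": set(),              # DLLs named in registry data AND removed as files
    }
    data_files, file_names = set(), set()
    for e in entries:
        label = classify(e["target"])
        if label:
            report["persistence"][label].append(e["target"])
        if e["bad"] is not None:            # "Bad: (1) Good: (0)" marks a tampered setting
            report["tampering"].append(e["target"])
        if e["action"] == "Delete on reboot":
            report["pending_reboot"].append(e["target"])
        if e["data"]:
            data_files.add(e["data"].rsplit("\\", 1)[-1].lower())
        elif not e["target"].lower().startswith("hkey"):
            file_names.add(e["target"].rsplit("\\", 1)[-1].lower())
    report["linked_files"] = data_files & file_names
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{r['total']} entries; {len(r['pending_reboot'])} still pending a reboot")
    for label, targets in r["persistence"].items():
        print(f"[persistence] {label}: {len(targets)} entries")
    for t in r["tampering"]:
        print(f"[tampering] {t}")
    if r["linked_files"]:
        print("DLLs referenced by the registry and removed as files:", sorted(r["linked_files"]))
```

The `linked_files` set is the part worth reading first: a DLL that appears both as `AppInit_DLLs` data and as a file marked "Delete on reboot" (here `kofidutu.dll`) was loaded into running processes when the scan ran, so the removal is only complete once the machine has actually rebooted and a second scan no longer lists it. The `tampering` list (registry editor disabled, folder options hidden, Security Center notifications silenced) is the set of settings to confirm were restored after cleanup.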
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last intervention 30 December 2012 463
2 April 2009 at 10:01
Well... given everything that was removed, and everything that is still left... ^^"


So I'm waiting for the rest...

0
CharlieMusic Posts 30 Registration date Tuesday 31 March 2009 Status Member Last intervention 4 April 2009
2 April 2009 at 10:03
before doing these steps you told me to download the Recovery Console for my version of XP, but the thing is they say that once it's installed on the desktop I have to drag it onto the ComboFix icon, but it doesn't work... it doesn't do anything... :s
I have nothing to disable as defenses since I uninstalled NOD32? Besides, I don't have the installer, so after all this "cleaning" I'll have to find myself an antivirus... well, one thing at a time ^^
0
CharlieMusic Posts 30 Registration date Tuesday 31 March 2009 Status Member Last intervention 4 April 2009
2 April 2009 at 10:34
when I launch ComboFix it gives me an error message "erreur de nom CFScript" (CFScript name error)... ? :s
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last intervention 30 December 2012 463
2 April 2009 at 12:38
re,


delete your ComboFix... then start over like this:


Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- right-click this link and choose "Save target as...": in the window that opens, type CFix and confirm.

- renaming it at download time is essential to get around the infection, otherwise the tool will be unusable -


--------------------------------- [ ! WARNING ! ] ------------------------------------------
!! Disconnect, close your running applications (including your browser) and DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) for the duration of the procedure:
indeed, while active they could seriously interfere with the tool's scan and cleanup procedure (or even crash the PC)... So you will re-enable them afterwards!!
---> Important: if you run into difficulties at this stage, let me know before continuing...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note: for XP, make sure to install the Windows Recovery Console as indicated in the tutorial above...
--------------------------------------------------------------------------------------------


Then:
double-click "CFix.exe" (= combofix.exe) to launch the tool.

Press the Y key (Yes) to start the scan.

Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
-> The PC may restart by itself (to finalize the cleanup); let it do so.
-> If the tool tells you: "combofix a détecté la présence de rootkit et a besoin de faire redémarrer votre machine" (ComboFix has detected a rootkit and needs to restart your machine), accept...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and not anything else! otherwise no report...)

The report will be created here: C:\Combofix.txt

Re-enable your defenses


Post the ComboFix report for analysis...



0
CharlieMusic Posts 30 Registration date Tuesday 31 March 2009 Status Member Last intervention 4 April 2009
2 April 2009 at 21:22
I did exactly what you told me with ComboFix, renaming it... the first time it gave me the same error message as before, and I tried again, and the second time it said it was impossible to rename ComboFix to CFix but that it had to be renamed using alphanumeric characters.... :s
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last intervention 30 December 2012 463
2 April 2009 at 21:30
re,


rename it to azerty to see...

0
CharlieMusic Posts 30 Registration date Tuesday 31 March 2009 Status Member Last intervention 4 April 2009
2 April 2009 at 21:38
same thing... it tells me the name is badly written... yet I did do "Save target as...", saving to the desktop... azerty or CFix... it doesn't work... :(
0