Virus Virtumonde.Neo besoin d'aide

Question

Bonjour,
Mon ordinateur rame pas mal en ce moment...je l'ai défragmenté, et fais une analyse NOD32
début de l'analyse : "Controle CRC du fichier NOD32.EXE : le fichier NOD32.EXE est endommagé, peut-être infecté
La mémoire est OK
Une erreur s'est produite durant l'analyse du secteur MBR de 2.disque physique.Erreur de lecture du secteur."
l'analyse se lance et très souvent, même si l'analyse se fait ils mettent "erreur à l'ouverture (le fichier est verrouillé)
virus détecté : WIN32/Ardware.Virtumonde.Neo~datafile application, mise en quarantaine et parfois suppression du fichier
j'ai aussi ma connection internet qui rame, j'ai internet explorer avec lo.st qui s'est mis en page d'acceuil et j'ai téléchargé firefox mais j'ai sans arrêt des publicités ou des pages comm "site malveillant" "page interne non trouvée"
au démarrage de mon ordinateur il me mettent un message d'erreur à propos du rundll.....? :s et les deux dernières fois que je l'ai allumé la toute première page windows pr rentrer mon mot de passe était différente...
qu'est ce qu'il faudrait que je fasse pour booster mon ordi (pc portable vaio datant de 3ans)...? 

merci par avance à ceux qui voudront bien m'aider car c'est vraiment dur à gérer.... 

CharlieMusic

sKe69 · Answer

Salut,


on va s'occuper de cela ...


fais ce qui suit pour commencer :


1- Télécharge et installe le logiciel HijackThis : 

ici http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html

-->Clique sur le setup pour lancer l'installe : laisse toi guider et ne modifie pas les paramètres d'installation . 
A la fin de l'installe , le prg se lance automatiquement : ferme le en cliquant sur la croix rouge . 
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme : 
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

( ne lance pas ce prg pour l'instant et fais la suite ... )



2- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable  sur ton Bureau.

-> http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " . 

* Devant l'option "List files/folders created ..." , tu choisis : 2 months 

* clique ensuite sur " Continue " pour lancer l'analyse ...


-> laisse faire le scan et ne touche pas au PC ...


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note). 

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante ... 
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ... 
Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ...

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

CharlieMusic · Answer

et celui du log 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Charlotte at 2009-03-31 11:29:41
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 9 GB (10%) free of 95 GB
Total RAM: 1022 MB (38% free)


======Scheduled tasks folder======

C:\WINDOWS	asks\AD551DE1918A8EC9.job
C:\WINDOWS	asks\AppleSoftwareUpdate.job
C:\WINDOWS	asks\At1.job
C:\WINDOWS	asks\At10.job
C:\WINDOWS	asks\At11.job
C:\WINDOWS	asks\At12.job
C:\WINDOWS	asks\At13.job
C:\WINDOWS	asks\At14.job
C:\WINDOWS	asks\At15.job
C:\WINDOWS	asks\At16.job
C:\WINDOWS	asks\At17.job
C:\WINDOWS	asks\At18.job
C:\WINDOWS	asks\At19.job
C:\WINDOWS	asks\At2.job
C:\WINDOWS	asks\At20.job
C:\WINDOWS	asks\At21.job
C:\WINDOWS	asks\At22.job
C:\WINDOWS	asks\At23.job
C:\WINDOWS	asks\At24.job
C:\WINDOWS	asks\At25.job
C:\WINDOWS	asks\At26.job
C:\WINDOWS	asks\At27.job
C:\WINDOWS	asks\At28.job
C:\WINDOWS	asks\At29.job
C:\WINDOWS	asks\At3.job
C:\WINDOWS	asks\At30.job
C:\WINDOWS	asks\At31.job
C:\WINDOWS	asks\At32.job
C:\WINDOWS	asks\At33.job
C:\WINDOWS	asks\At34.job
C:\WINDOWS	asks\At35.job
C:\WINDOWS	asks\At36.job
C:\WINDOWS	asks\At37.job
C:\WINDOWS	asks\At38.job
C:\WINDOWS	asks\At39.job
C:\WINDOWS	asks\At4.job
C:\WINDOWS	asks\At40.job
C:\WINDOWS	asks\At41.job
C:\WINDOWS	asks\At42.job
C:\WINDOWS	asks\At43.job
C:\WINDOWS	asks\At44.job
C:\WINDOWS	asks\At45.job
C:\WINDOWS	asks\At46.job
C:\WINDOWS	asks\At47.job
C:\WINDOWS	asks\At48.job
C:\WINDOWS	asks\At5.job
C:\WINDOWS	asks\At6.job
C:\WINDOWS	asks\At7.job
C:\WINDOWS	asks\At8.job
C:\WINDOWS	asks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2BA40A2-74F3-42BD-F434-2604812C8954}]
C:\WINDOWS\system32
hser43uhjnefr.dll - C:\WINDOWS\system32
hser43uhjnefr.dll [2009-03-30 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3ce92c3-e612-4370-bfbe-d19c0ce2d438}]
C:\WINDOWS\system32\siruguhu.dll [1601-01-01 70892]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-21 251504]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 434176]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-30 7335936]
"Windows UDP Control Center"=fxstaller.exe []
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-01-30 1011200]
"lodohiweti"=C:\WINDOWS\system32\soziredo.dll [1601-01-01 70892]
"svchost.exe"=C:\WINDOWS\system32\3361\svchost.exe [2009-03-30 86016]
"f40b1659"=C:\WINDOWS\system32\dotevumo.dll [2009-03-31 99840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"svchost.exe"=C:\WINDOWS\system32\3361\svchost.exe [2009-03-30 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-09-25 114688]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
"HardTruckTycoonSetup.exe"=C:\DOCUME~1\CHARLO~1\Bureau\HARDTR~1.EXE /r []
"Tons Corn"=C:\DOCUME~1\CHARLO~1\APPLIC~1\MATHCD~1\list proxy.exe []
"BitComet"=C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe [2007-10-08 6338872]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 34304]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-13 68856]
"EPSON Stylus DX7400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [2007-04-12 182272]
"Diagnostic Manager"=C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\358442460.exe [2009-03-31 171009]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
Post-it® Software Notes Lite.lnk - C:\Program Files\postit\PsnLite.exe
VProperty.lnk - C:\WINDOWS\VPro610.exe

C:\Documents and Settings\Charlotte\Menu Démarrer\Programmes\Démarrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="jat.dll kbiihf.dll C:\WINDOWS\system32\zitakihu.dll xywxoa.dll lsgysp.dll ascjsa.dll fagsaa.dll dtxjyi.dll yznzzh.dll ooytoc.dll c:\windows\system32\fifugiku.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcYRjIA]
efcYRjIA.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
kjm6t5rinmhp8o87t7r6gh - {C2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32
hser43uhjnefr.dll [2009-03-30 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\efcYRjIA.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32
nnljkHy
"notification packages"=cli
C:\WINDOWS\system32\zitakihu.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe"="C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\WIBUKEY\Server\WkSvW32.exe"="C:\Program Files\WIBUKEY\Server\WkSvW32.exe:*:Enabled:WIBU-KEY Network Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\ArchiCAD 11\ArchiCAD 11\ArchiCAD.exe"="C:\Program Files\ArchiCAD 11\ArchiCAD 11\ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component"
"C:\Program Files\ArchiCAD 12\ArchiCAD.exe"="C:\Program Files\ArchiCAD 12\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component"
"C:\Downloads\Memo\Memo.exe"="C:\Downloads\Memo\Memo.exe:*:Enabled:Desktop tool"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\WINDOWS\system32undll32.exe"="C:\WINDOWS\system32undll32.exe:*:Enabled:RUNDLL32"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier"
"C:\Documents and Settings\Charlotte\Local Settings\Temp\Google Toolbar\gtb2F9.tmp.exe"="C:\Documents and Settings\Charlotte\Local Settings\Temp\Google Toolbar\gtb2F9.tmp.exe:*:Enabled:gtb2F9.tmp"
"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\ESET
od32krn.exe"="C:\Program Files\ESET
od32krn.exe:*:Enabled:nod32krn"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\WINDOWS\system32\3361\svchost.exe"="C:\WINDOWS\system32\3361\svchost.exe:*:Enabled:SVCHOST.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13401c53-28d7-11dd-8480-0013a90e5ab9}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20544dd4-771a-11db-806c-0013a90e5ab9}]
shell\AutoRun\command - J:\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{345c434e-e92f-11dc-83d6-0013a90e5ab9}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.exe - open - mdm32 %1 %*
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install - 
.scr - config - 

======List of files/folders created in the last 2 months======

2009-03-31 11:29:41 ----D---- C:sit
2009-03-31 11:28:50 ----D---- C:\Program Files\Trend Micro
2009-03-31 11:27:39 ----D---- C:\Program Files\HijackThis
2009-03-31 09:24:44 ----A---- C:\WINDOWS\system32\cbXnKApn.dll
2009-03-30 22:08:46 ----A---- C:\WINDOWS\system32\khfGywuU.dll
2009-03-30 22:06:54 ----A---- C:\WINDOWS\system32\mlJAqqpN.dll
2009-03-30 22:06:47 ----D---- C:\WINDOWS\system32\3361
2009-03-30 22:06:04 ----A---- C:\WINDOWS\system32\w.exe
2009-03-30 22:05:09 ----A---- C:\WINDOWS\system32
hser43uhjnefr.dll
2009-03-30 22:05:09 ----A---- C:\ocqkmoc.exe
2009-03-30 22:05:02 ----A---- C:\dmsiacq.exe
2009-03-24 11:19:15 ----SH---- C:\WINDOWS\system32\jaguwuyi.exe
2009-03-24 00:54:43 ----D---- C:\Program Files\Autodesk Revit Building 8.1
2009-03-23 20:21:56 ----SH---- C:\WINDOWS\system32\inikegoj.ini
2009-03-23 20:19:37 ----ASH---- C:\WINDOWS\system32\ooytoc.dll
2009-03-22 12:47:08 ----SH---- C:\WINDOWS\system32\opetagul.ini
2009-03-22 12:46:41 ----ASH---- C:\WINDOWS\system32\yznzzh.dll
2009-03-21 15:07:47 ----SH---- C:\WINDOWS\system32\egupoyab.ini
2009-03-21 15:06:45 ----ASH---- C:\WINDOWS\system32\dtxjyi.dll
2009-03-20 18:05:03 ----SH---- C:\WINDOWS\system32\ehuhewap.ini
2009-03-20 18:04:41 ----ASH---- C:\WINDOWS\system32\fagsaa.dll
2009-03-19 10:48:21 ----SH---- C:\WINDOWS\system32\opanagar.ini
2009-03-19 10:47:58 ----ASH---- C:\WINDOWS\system32\ascjsa.dll
2009-03-18 10:57:41 ----SH---- C:\WINDOWS\system32\obirotig.ini
2009-03-18 10:57:19 ----ASH---- C:\WINDOWS\system32\lsgysp.dll
2009-03-17 20:12:28 ----SH---- C:\WINDOWS\system32\usimoniv.ini
2009-03-17 20:12:02 ----ASH---- C:\WINDOWS\system32\xywxoa.dll
2009-03-15 14:19:10 ----SH---- C:\WINDOWS\system32\hosezora.dll
2009-03-15 14:18:56 ----SH---- C:\WINDOWS\system32\lakovazo.dll
2009-03-12 10:52:37 ----SH---- C:\WINDOWS\system32\ozusayuh.ini
2009-03-11 11:17:45 ----SH---- C:\WINDOWS\system32\iyofotiy.ini
2009-03-10 11:08:03 ----ASH---- C:\WINDOWS\system32\dojapode.dll
2009-03-10 11:07:40 ----SH---- C:\WINDOWS\system32\iseguvov.ini
2009-03-08 11:26:01 ----SH---- C:\WINDOWS\system32\onesizeb.ini
2009-03-07 11:52:26 ----SH---- C:\WINDOWS\system32\erakunes.ini
2009-03-06 15:10:10 ----A---- C:\WINDOWS\system32
otijiku.dll
2009-03-06 15:07:00 ----SH---- C:\WINDOWS\system32\meridewa.dll
2009-03-06 15:07:00 ----SH---- C:\WINDOWS\system32\bidapako.dll
2009-03-06 00:41:01 ----SH---- C:\WINDOWS\system32\eropomad.ini
2009-03-05 12:40:26 ----SH---- C:\WINDOWS\system32\ayezidob.ini
2009-03-05 00:40:18 ----SH---- C:\WINDOWS\system32\ovipipuf.ini
2009-03-04 12:39:57 ----SH---- C:\WINDOWS\system32\awazokaw.ini
2009-03-03 10:38:46 ----SH---- C:\WINDOWS\system32\hilemebu.dll
2009-03-03 10:38:45 ----SH---- C:\WINDOWS\system32\wigimogo.dll
2009-02-27 00:21:40 ----SH---- C:\WINDOWS\system32\dejufedu.dll
2009-02-26 10:36:05 ----SH---- C:\WINDOWS\system32\kirenalo.dll
2009-02-26 10:36:05 ----SH---- C:\WINDOWS\system32\dunuhobu.dll
2009-02-25 12:01:24 ----D---- C:\Documents and Settings\Charlotte\Application Data\Search Settings
2009-02-25 12:01:14 ----D---- C:\Documents and Settings\Charlotte\Application Data\pdfforge
2009-02-25 11:57:43 ----D---- C:\Program Files\pdfforge Toolbar
2009-02-25 11:56:57 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-02-25 11:56:57 ----A---- C:\WINDOWS\system32\MSCC2FR.DLL
2009-02-25 11:56:56 ----D---- C:\Program Files\PDFCreator
2009-02-25 11:56:56 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2009-02-22 23:46:07 ----SH---- C:\WINDOWS\system32\zibibozi.dll
2009-02-22 23:46:07 ----SH---- C:\WINDOWS\system32\vewalimu.dll
2009-02-22 19:49:20 ----A---- C:\WINDOWS\system32\lfpng13n.dll
2009-02-22 11:46:10 ----SH---- C:\WINDOWS\system32\semajosu.dll
2009-02-22 11:46:09 ----SH---- C:\WINDOWS\system32aferafo.dll
2009-02-21 13:22:06 ----SH---- C:\WINDOWS\system32\itigumol.ini
2009-02-20 00:20:09 ----A---- C:\WINDOWS\system32
baalltk.dll
2009-02-17 19:59:49 ----SH---- C:\WINDOWS\system32\oejykkon.ini
2009-02-17 19:59:48 ----A---- C:\WINDOWS\system32
okkyjeo.dll
2009-02-15 17:44:23 ----SH---- C:\WINDOWS\system32
uelkvcf.ini
2009-02-13 20:22:06 ----SH---- C:\WINDOWS\system32\xiualflg.ini
2009-02-13 20:22:02 ----A---- C:\WINDOWS\system32\glflauix.dll
2009-02-10 20:18:18 ----SH---- C:\WINDOWS\system32ibnkgki.ini
2009-02-10 20:18:13 ----A---- C:\WINDOWS\system32\ikgknbir.dll

======List of files/folders modified in the last 2 months======

2009-03-31 11:28:50 ----RD---- C:\Program Files
2009-03-31 11:26:02 ----D---- C:\WINDOWS	emp
2009-03-31 11:25:49 ----D---- C:\Downloads
2009-03-31 11:11:45 ----D---- C:\WINDOWS\system32
2009-03-31 11:11:07 ----ASH---- C:\WINDOWS\system32uludoji.dll
2009-03-31 11:11:06 ----ASH---- C:\WINDOWS\system32\dotevumo.dll
2009-03-31 11:00:31 ----D---- C:\Program Files\Mozilla Firefox
2009-03-31 10:48:08 ----ASH---- C:\WINDOWS\system32
uvoyijo.dll
2009-03-31 10:48:07 ----ASH---- C:\WINDOWS\system32\modubelo.dll
2009-03-31 10:24:51 ----N---- C:\WINDOWS\system32\yipiveto.dll
2009-03-31 10:24:51 ----ASH---- C:\WINDOWS\system32
ifodiyu.exe
2009-03-31 10:24:49 ----ASH---- C:\WINDOWS\system32\mokuheva.dll
2009-03-31 09:22:41 ----A---- C:\WINDOWS\system32\mdm32.exe
2009-03-30 22:56:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-30 22:13:54 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-30 22:06:54 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-03-30 22:06:51 ----D---- C:\WINDOWS
2009-03-30 22:04:57 ----ASH---- C:\WINDOWS\system32\yekotafo.exe
2009-03-30 22:04:57 ----ASH---- C:\WINDOWS\system32ijilutu.dll
2009-03-30 22:04:57 ----ASH---- C:\WINDOWS\system32\kivereza.dll
2009-03-30 08:52:42 ----N---- C:\WINDOWS\system32\vuranune.dll
2009-03-30 08:52:42 ----ASH---- C:\WINDOWS\system32\kivigoru.exe
2009-03-30 08:52:42 ----ASH---- C:\WINDOWS\system32\fifugiku.dll.vir
2009-03-29 22:00:50 ----D---- C:\Documents and Settings\Charlotte\Application Data\Image Zone Express
2009-03-29 12:01:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-29 11:59:03 ----ASH---- C:\WINDOWS\system32	ipifipo.dll
2009-03-29 11:59:02 ----ASH---- C:\WINDOWS\system32\bisoloku.exe
2009-03-28 17:04:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-28 16:45:38 ----ASH---- C:\WINDOWS\system32\panasoba.exe
2009-03-28 16:45:38 ----ASH---- C:\WINDOWS\system32\jelukahu.dll
2009-03-27 17:17:36 ----D---- C:\Documents and Settings\Charlotte\Application Data\Adobe
2009-03-27 15:36:29 ----N---- C:\WINDOWS\system32\vuvimuwe.dll
2009-03-27 15:36:29 ----ASH---- C:\WINDOWS\system32\vabazaja.dll
2009-03-27 15:36:28 ----ASH---- C:\WINDOWS\system32\yeruduki.exe
2009-03-26 23:29:01 ----D---- C:\Program Files\ArchiCAD 12
2009-03-25 17:38:03 ----D---- C:\Program Files\Fichiers communs
2009-03-25 17:37:40 ----D---- C:\Program Files\BitComet
2009-03-25 14:36:30 ----D---- C:\Documents and Settings\Charlotte\Application Data\Samsung
2009-03-25 14:35:50 ----HD---- C:\WINDOWS\inf
2009-03-25 14:35:45 ----SHD---- C:\WINDOWS\Installer
2009-03-25 14:35:45 ----HD---- C:\Config.Msi
2009-03-25 14:34:34 ----D---- C:\Program Files\photoshop
2009-03-25 14:22:08 ----AC---- C:\WINDOWS\system32\BASSMOD.dll
2009-03-25 10:54:37 ----ASH---- C:\WINDOWS\system32\kimulizi.dll
2009-03-25 10:54:36 ----ASH---- C:\WINDOWS\system32\foyorere.dll
2009-03-24 00:57:41 ----D---- C:\Program Files\Fichiers communs\Autodesk Shared
2009-03-23 20:19:36 ----ASH---- C:\WINDOWS\system32\vivuyayo.dll
2009-03-23 20:19:34 ----ASH---- C:\WINDOWS\system32\guvodudi.dll
2009-03-22 12:46:41 ----ASH---- C:\WINDOWS\system32\yakivase.dll
2009-03-22 12:46:40 ----ASH---- C:\WINDOWS\system32	ebutago.dll
2009-03-21 15:06:44 ----ASH---- C:\WINDOWS\system32\juriyuyi.dll
2009-03-21 15:06:44 ----ASH---- C:\WINDOWS\system32\jazuyana.dll
2009-03-20 18:04:39 ----ASH---- C:\WINDOWS\system32	ukuhegu.dll
2009-03-20 18:04:37 ----ASH---- C:\WINDOWS\system32\meyeyihi.dll
2009-03-19 10:47:58 ----ASH---- C:\WINDOWS\system32\junefare.dll
2009-03-19 10:47:57 ----ASH---- C:\WINDOWS\system32\wafiguvu.dll
2009-03-18 18:58:18 ----D---- C:\WINDOWS\Prefetch
2009-03-18 10:57:16 ----ASH---- C:\WINDOWS\system32\vubuvuha.dll
2009-03-18 10:57:15 ----ASH---- C:\WINDOWS\system32\sidikeyu.dll
2009-03-17 20:12:00 ----ASH---- C:\WINDOWS\system32\dahovibo.dll
2009-03-17 20:11:58 ----ASH---- C:\WINDOWS\system32oliwiza.dll
2009-03-15 19:31:09 ----D---- C:\Documents and Settings\Charlotte\Application Data\Apple Computer
2009-03-11 11:17:15 ----ASH---- C:\WINDOWS\system32\muwatibi.dll
2009-03-08 11:25:43 ----N---- C:\WINDOWS\system32\beziseno.dll
2009-03-08 11:25:43 ----ASH---- C:\WINDOWS\system32	emekatu.dll
2009-03-07 11:50:37 ----ASH---- C:\WINDOWS\system32\segivubo.dll
2009-03-06 00:40:41 ----ASH---- C:\WINDOWS\system32\gitadumi.dll
2009-03-05 12:40:21 ----ASH---- C:\WINDOWS\system32\fayebuzu.dll
2009-03-05 00:40:03 ----N---- C:\WINDOWS\system32\fupipivo.dll
2009-03-05 00:40:03 ----ASH---- C:\WINDOWS\system32\polekove.dll
2009-03-04 12:39:46 ----ASH---- C:\WINDOWS\system32	igefeki.dll
2009-03-04 12:34:15 ----ASH---- C:\WINDOWS\system32\derinade.dll
2009-03-03 11:15:25 ----D---- C:\Documents and Settings\Charlotte\Application Data\dvdcss
2009-02-25 11:57:43 ----D---- C:\WINDOWS\WinSxS
2009-02-21 20:20:28 ----D---- C:\Program Files\Google
2009-02-21 13:23:21 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-02-21 13:22:03 ----ASH---- C:\WINDOWS\system32\lutovute.dll
2009-02-20 23:02:51 ----D---- C:\WINDOWS\security
2009-02-20 18:55:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-20 18:55:44 ----D---- C:\Program Files\Movie Maker
2009-02-20 18:55:39 ----D---- C:\WINDOWS\RegisteredPackages
2009-02-20 18:41:50 ----D---- C:\WINDOWS\system
2009-02-20 14:38:42 ----ASH---- C:\WINDOWS\system32\zeraseba.dll
2009-02-20 00:21:49 ----ASH---- C:\WINDOWS\system32\yHkjlnnn.ini
2009-02-20 00:21:10 ----ASH---- C:\WINDOWS\system32\yHkjlnnn.ini2
2009-02-20 00:19:52 ----A---- C:\WINDOWS\system32\ff28d227-.txt
2009-02-12 00:00:45 ----ASH---- C:\WINDOWS\system32\zezosivi.dll
2009-02-11 12:01:38 ----A---- C:\WINDOWS\system32\mcrh.tmp
2009-02-11 12:01:21 ----D---- C:\Documents and Settings\Charlotte\Application Data\U3
2009-02-10 20:17:02 ----ASH---- C:\WINDOWS\system32
avifaya.dll
2009-02-08 20:26:46 ----ASH---- C:\WINDOWS\system32\buhegavu.dll
2009-02-05 16:07:05 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-02-05 15:57:21 ----ASH---- C:\WINDOWS\system32\pisuvedi.dll
2009-02-03 17:09:28 ----ASH---- C:\WINDOWS\system32\wudifobu.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 40320]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-11 5632]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-24 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-04-06 21275]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2007-05-09 72704]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-18 202112]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS
ic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS
v4_mini.sys [2005-11-30 3600736]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-06-10 21760]
R3 SNC;Périphérique de contrôle d'ordinateur portable Sony; C:\WINDOWS\system32\DRIVERS\SonyNC.sys [2001-08-17 20752]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-17 1076472]
R3 ti21sony;ti21sony; C:\WINDOWS\system32\drivers	i21sony.sys [2005-10-04 217472]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ps_1394;ps_1394; C:\WINDOWS\System32\Drivers\ps_1394.sys [2004-10-15 97152]
S3 ps_avs;ps_avs; C:\WINDOWS\System32\Drivers\ps_avs.sys [2004-10-15 24576]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SPC610NC;SPC 610NC Laptop Camera; C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS [2005-09-07 151040]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys [2007-05-09 16384]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 afisicx;afisicx  Service; C:\WINDOWS\system32\afisicx.exe [2001-08-24 193536]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 131072]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2008-12-20 98304]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 249856]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSTD;Windows Download Manage; C:\WINDOWS\system32\mstd.exe [2004-08-04 45056]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset
od32krn.exe [2007-11-10 528384]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32
vsvc32.exe [2005-11-30 143437]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 237644]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 sopidkc;sopidkc  Service; C:\WINDOWS\system32\sopidkc.exe [2001-08-24 193536]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 73728]
R2 tdctxte;tdctxte  Service; C:\WINDOWS\system32	dctxte.exe [2001-08-24 194048]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 69632]
S2 defaultlib;Service AntiVir; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satelliteaysat_3dsMax2009_32server.exe []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 90112]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-10 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


Un nouveau virus a été détecté par NOD 32 : WIN32/Inject.CCO Chaval de Troie

sKe69 · Answer

re,


très infecté ...


tu n'as pas installé Hijackthis  correctement ! ...du coup il me manque des données importantes ...


donc recommence la manipe et poste moi le nouveau rapport "Log.txt" obtenu stp ...

CharlieMusic · Answer

pourtant g fait exactement comme tu me l'as indiqué... c'est RSIT qui a lancé le scan HijackThis... voici la copie du rapport log : 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Charlotte at 2009-03-31 11:52:08
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 9 GB (10%) free of 95 GB
Total RAM: 1022 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47, on 31/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mstd.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32	dctxte.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\VPro610.exe
C:\Program Files\postit\PsnLite.exe
C:\PROGRA~1\postit\PSNGive.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\3361\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET
od32kui.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32undll32.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\358442460.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Trend Micro\HijackThis\Charlotte.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.13.6:3333
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: C:\WINDOWS\system32
hser43uhjnefr.dll - {C2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32
hser43uhjnefr.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {f3ce92c3-e612-4370-bfbe-d19c0ce2d438} - C:\WINDOWS\system32\siruguhu.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\svchost.exe"
O4 - HKLM\..\Run: [f40b1659] rundll32.exe "C:\WINDOWS\system32\wiwejive.dll",b
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\svchost.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HardTruckTycoonSetup.exe] C:\DOCUME~1\CHARLO~1\Bureau\HARDTR~1.EXE /r
O4 - HKCU\..\Run: [Tons Corn] C:\DOCUME~1\CHARLO~1\APPLIC~1\MATHCD~1\list proxy.exe
O4 - HKCU\..\Run: [BitComet] "C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SDF8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\358442460.exe
O4 - HKUS\S-1-5-19\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\postit\PsnLite.exe
O4 - Global Startup: VProperty.lnk = C:\WINDOWS\VPro610.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet	ools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} (CDiscountObj Class) - https://order.cdiscount.com/Account/LoginLight.html?referrer=https://clients.cdiscount.com%2Ferror%2F404.aspx%3F404%3Bhttp%3A%2F%2Fclients.cdiscount.com%3A100%2Forder%2Ftechcity%2Factivex%2Fcdiscount.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL (file missing)
O20 - AppInit_DLLs: jat.dll kbiihf.dll C:\WINDOWS\system32\zitakihu.dll xywxoa.dll lsgysp.dll ascjsa.dll fagsaa.dll dtxjyi.dll yznzzh.dll ooytoc.dll c:\windows\system32\fifugiku.dll
O20 - Winlogon Notify: efcYRjIA - efcYRjIA.dll (file missing)
O22 - SharedTaskScheduler: kjm6t5rinmhp8o87t7r6gh - {C2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32
hser43uhjnefr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afisicx  Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satelliteaysat_3dsMax2009_32server.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: sopidkc  Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: tdctxte  Service (tdctxte) - Unknown owner - C:\WINDOWS\system32	dctxte.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

sKe69 · Answer

Oki ,


c'est un beau bordel ! ... Et Nod32 n'est pas actif au démarrage , systeme pas à jour ... bref , y a du boulot ! ...^^

ne fais rien d'autre de ce que je te demande de faire ! sinon on risque le plantage à coup sur ...



on commence ... fais ce qui suit dans l'odre :


1- Désactiver le redémarrage automatique :

A) Aller dans le menu "Démarrer"/"Panneau de configuration", puis "Performances et maintenance" et enfin "Système" .
Ou bien en faisant un clic-droit sur "Poste de travail" ( sur "ordinateur" pour Vista ) et en sélectionnant "Propriétés" .
 
B) Cliquez sur l'onglet "Avancé" ( pour Vista , cliquer dans "tâche" sur "paramètre systeme avancés" )
C) Ensuite , dans le 3eme paragraphe "Démarrage et récupération" , cliquer sur "paramètre" .
D) Dans le paragraphe "Défaillance du système" : décocher "Redémarrer automatiquement" .

puis cliquer sur "Ok" , "appliquer" et encore "Ok" pour valider la modif . 

Conseil : laisse ces paramètres par la suite ...



=====================


2- Télécharge SmitfraudFix (de S!Ri, balltrap34 et moe31 ) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Installe le soft sur ton bureau ( et pas ailleurs! ) .

!! Déconnecte toi, ferme toutes tes applications et désactives tes défenses ( anti-virus ,anti-spyware,...) le temps de la manipe !!


Tuto ( aide ) : http://siri.urz.free.fr/Fix/SmitfraudFix.php
Autre tuto animé ( merci balltrapp34 ;) ) : http://pagesperso-orange.fr/rginformatique/section%20virus/smitfraudfix.htm
 
Utilisation ---> option 1 / Recherche : 
Double-clique sur l'icône "Smitfraudfix.exe" et sélectionne 1 (et pas sur autre chose sans notre accord !) pour créer un rapport des fichiers responsables de l'infection.
 
Poste le rapport ( "rapport.txt" qui se trouve sous C\: ) et attends la suite ...

(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool". Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)

CharlieMusic · Answer

j'en suis à l'étape 2...mais comment désactiver mes défenses?

sKe69 · Answer

tu désactives la protection ( ou guarde ) de Nod32 ... Si celle-ci est bien active ( j'en doute un peut ) ...

c'est pour éviter que ce dernier tilt encore plus et gène le fonctionnement de l'outil ...

CharlieMusic · Answer

je n'arrive pas a ouvrir NOD 32 car il me met qu'il ne marche pas... et pour le logiciel smitfraud qd je dbl clik dessus il m'a installé sur le bureau un dossier smitfraud et qd jessai de le lancé il fai écran noir et non comme sur le tutoriel bleu avec 1 recherche 2.... en gros il me propose rrien :s

CharlieMusic · Answer

nod32 m'affiche encore d'autres virus trojan....

CharlieMusic · Answer

je n'arrive pas a ouvrir NOD 32 car il me met qu'il ne marche pas... et pour le logiciel smitfraud qd je dbl clik dessus il m'a installé sur le bureau un dossier smitfraud et qd jessai de le lancé il fai écran noir et non comme sur le tutoriel bleu avec 1 recherche 2.... en gros il me propose rrien :s

sKe69 · Answer

re,

désinstalle ton Nod32 ! tu le réinstalleras quand on aura terminé ensemble ...


pour , Smithraud , supprime le , retélécharge le et recommence pour voir ...

CharlieMusic · Answer

voici le rapport après recherche
SmitFraudFix v2.405

Rapport fait à 12:50:15,28, 31/03/2009
Executé à partir de C:\Documents and Settings\Charlotte\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mstd.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32	dctxte.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32undll32.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\358442460.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
C:\WINDOWS\system32\3361\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\VPro610.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Charlotte\Bureau\SmitfraudFix\Policies.exe
C:\Documents and Settings\Charlotte\Bureau\SmitfraudFix\Policies.exe
C:\Documents and Settings\Charlotte\Bureau\SmitfraudFix\Policies.exe
C:\Program Files\ESET
od32kui.exe
C:\Documents and Settings\Charlotte\Bureau\SmitfraudFix\Policies.exe
C:\Documents and Settings\Charlotte\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\HPZipm12.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

#curity.microsoft.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job PRESENT !
C:\WINDOWS\Tasks\At??.job PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charlotte


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charlotte\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHARLO~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C2BA40A2-74F3-42BD-F434-2604812C8954}"="kjm6t5rinmhp8o87t7r6gh"

[HKEY_CLASSES_ROOT\CLSID\{C2BA40A2-74F3-42BD-F434-2604812C8954}\InProcServer32]
@="C:\WINDOWS\system32
hser43uhjnefr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C2BA40A2-74F3-42BD-F434-2604812C8954}\InProcServer32]
@="C:\WINDOWS\system32
hser43uhjnefr.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="jat.dll kbiihf.dll C:\WINDOWS\system32\zitakihu.dll xywxoa.dll lsgysp.dll ascjsa.dll fagsaa.dll dtxjyi.dll yznzzh.dll ooytoc.dll c:\windows\system32\fifugiku.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

CharlieMusic · Answer

j'en ai refait un après avoir désinstaller nod32 et redémarrer l'ordi...je sais pas si ca a changé qqch....
SmitFraudFix v2.405

Rapport fait à 13:02:45,26, 31/03/2009
Executé à partir de C:\Documents and Settings\Charlotte\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mstd.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32	dctxte.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\358442460.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\system32\mdm32.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\3361\svchost.exe
C:\WINDOWS\system32\3361\svchost.exe
C:\WINDOWS\VPro610.exe
C:\Documents and Settings\Charlotte\Bureau\SmitfraudFix\Policies.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Charlotte\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

#curity.microsoft.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job PRESENT !
C:\WINDOWS\Tasks\At??.job PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charlotte


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charlotte\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHARLO~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C2BA40A2-74F3-42BD-F434-2604812C8954}"="kjm6t5rinmhp8o87t7r6gh"

[HKEY_CLASSES_ROOT\CLSID\{C2BA40A2-74F3-42BD-F434-2604812C8954}\InProcServer32]
@="C:\WINDOWS\system32
hser43uhjnefr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C2BA40A2-74F3-42BD-F434-2604812C8954}\InProcServer32]
@="C:\WINDOWS\system32
hser43uhjnefr.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="jat.dll kbiihf.dll C:\WINDOWS\system32\zitakihu.dll xywxoa.dll lsgysp.dll ascjsa.dll fagsaa.dll dtxjyi.dll yznzzh.dll ooytoc.dll c:\windows\system32\fifugiku.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

sKe69 · Answer

impec ...


la suite dans l'ordre :




A- Impératif : Démarrer en mode sans echec .

 /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\ 

Comment aller en Mode sans échec :
1) Redémarre ton ordi .
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage . 
4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] .
5) Choisis ton compte habituel ( et pas Administrateur ). 
attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ...
 
* Double-clique sur SmitfraudFix.exe 

* Sélectionne 2 et presse "Entrée" dans le menu pour supprimer les fichiers responsables de l'infection. 

--> Si besion :

* A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et presser Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection. 

( Le correctif déterminera si le fichier wininet.dll est infecté.)
 
* A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée 
pour remplacer le fichier corrompu. 

* Un redémarrage sera demandé pour terminer la procédure de nettoyage . 
Si le redémarrage ne se fais pas , fais le manuellement ( c'est important ! ) . 

Le rapport se trouve à la racine de disque dur C  .
( dans le fichier C:\rapport.txt ) 

Poste moi ce dernier rapport accompagné, dans la même réponse, d'un nouveau rapport 
RSIT ( fais en mode normal )  ... 

Une fois ces rapports postés , fais ce qui suit :


================================

B-  Télécharge ToolBar S&D ( de Eric_71/Team IDN ) sur ton bureau  :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tuto : https://sites.google.com/site/toolbarsd/aideenimages )

!! Déconnecte toi et ferme toutes tes applications en cours le temps de la manipe !! 

* Double-clique sur ToolBar SD.exe pour lancer l'outil et laisse toi guider ...  
--> Tapes directement sur 2 ( option " suppression " ) puis tape sur [Entrée]. 

Le nettoyage commence .

! ne touche à rien lors de la suppression ! 

Un rapport sera généré à la fin du processus : poste son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport RSIT ( "log.txt" ) pour analyse ... 

( le rapport est en outre sauvegardé ici -> C:\TB.txt )

CharlieMusic · Answer

je suis obligée de m'absenter quelques heures....je reviens au plus vite pour continuer...merci pour tout...gspr vraiment que je vais pouvoir le nettoyer completement... :s

CharlieMusic · Answer

me revoila.... j'ai essayé plusieurs fois à faire l'étape de nettoyage de smitfraud en mode sans échec mais il me met "process.exe erreur d'application l'instruction à "Ox77c17550" ne peut être read".... ?? :s

CharlieMusic · Answer

alors....voici le rapport toolbar SD

   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU           T2300  @ 1.66GHz )
   BIOS : Phoenix NoteBIOS 4.0 Release 6.1     
   USER : Charlotte ( Administrator )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:93 Go (Free:9 Go)
   D:\ (CD or DVD)
   E:\ (USB)
   F:\ (USB)
   H:\ (USB)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 31/03/2009|20:01 )

   -----------\ SUPPRESSION

   Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-03414D9F.pf
   Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
   Echec   ! - C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings\kb128
   Echec   ! - C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings\kb128	emp
   Echec   ! - C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings\kb128	emp\ws-14334.log
   Echec   ! - C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings

   -----------\ DEUXIEME PASSAGE
 
   Echec   ! - C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings\kb128
   Echec   ! - C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings\kb128	emp
   Echec   ! - C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings\kb128	emp\ws-14334.log
   Echec   ! - C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings
   C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings\kb128
   C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings\kb128	emp
   C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings\kb128	emp\ws-14334.log

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Start Page"="http://www.lo.st"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"


   --------------------\  Recherche d'autres infections

   C:\WINDOWS\Tasks\At1.job
   C:\WINDOWS\Tasks\At10.job
   C:\WINDOWS\Tasks\At11.job
   C:\WINDOWS\Tasks\At12.job
   C:\WINDOWS\Tasks\At13.job
   C:\WINDOWS\Tasks\At14.job
   C:\WINDOWS\Tasks\At15.job
   C:\WINDOWS\Tasks\At16.job
   C:\WINDOWS\Tasks\At17.job
   C:\WINDOWS\Tasks\At18.job
   C:\WINDOWS\Tasks\At19.job
   C:\WINDOWS\Tasks\At2.job
   C:\WINDOWS\Tasks\At20.job
   C:\WINDOWS\Tasks\At21.job
   C:\WINDOWS\Tasks\At22.job
   C:\WINDOWS\Tasks\At23.job
   C:\WINDOWS\Tasks\At24.job
   C:\WINDOWS\Tasks\At25.job
   C:\WINDOWS\Tasks\At26.job
   C:\WINDOWS\Tasks\At27.job
   C:\WINDOWS\Tasks\At28.job
   C:\WINDOWS\Tasks\At29.job
   C:\WINDOWS\Tasks\At3.job
   C:\WINDOWS\Tasks\At30.job
   C:\WINDOWS\Tasks\At31.job
   C:\WINDOWS\Tasks\At32.job
   C:\WINDOWS\Tasks\At33.job
   C:\WINDOWS\Tasks\At34.job
   C:\WINDOWS\Tasks\At35.job
   C:\WINDOWS\Tasks\At36.job
   C:\WINDOWS\Tasks\At37.job
   C:\WINDOWS\Tasks\At38.job
   C:\WINDOWS\Tasks\At39.job
   C:\WINDOWS\Tasks\At4.job
   C:\WINDOWS\Tasks\At40.job
   C:\WINDOWS\Tasks\At41.job
   C:\WINDOWS\Tasks\At42.job
   C:\WINDOWS\Tasks\At43.job
   C:\WINDOWS\Tasks\At44.job
   C:\WINDOWS\Tasks\At45.job
   C:\WINDOWS\Tasks\At46.job
   C:\WINDOWS\Tasks\At47.job
   C:\WINDOWS\Tasks\At48.job
   C:\WINDOWS\Tasks\At5.job
   C:\WINDOWS\Tasks\At6.job
   C:\WINDOWS\Tasks\At7.job
   C:\WINDOWS\Tasks\At8.job
   C:\WINDOWS\Tasks\At9.job

   C:\WINDOWS\system32\yHkjlnnn.ini
   C:\WINDOWS\system32\yHkjlnnn.ini2
   C:\WINDOWS\system32
nnljkHy.dll.vir
   [b]==> VUNDO <==/b
 
   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\CHARLO~1\Mes documents\Torrents\BitComet\Torrents\Rhinoceros 3.0+crack.rar.torrent
   C:\DOCUME~1\CHARLO~1\Recent\Google.SketchUp.Pro.6.KeyGen-acme (2).lnk



   1 - "C:\ToolBar SD\TB_1.txt" - 31/03/2009|20:27 - Option : [2]

CharlieMusic · Answer

et le dernier de RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Charlotte at 2009-03-31 20:43:52
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 9 GB (10%) free of 95 GB
Total RAM: 1022 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:46, on 31/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mstd.exe
C:\WINDOWS\system32\3361\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\mdm32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32	dctxte.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\WINDOWS\System32eader_s.exe
C:\Documents and Settings\Charlotteeader_s.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\3652853832.exe
C:\Documents and Settings\Charlotteeader_s.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Charlotte\Application Data
idle
idle.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\VPro610.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Charlotte.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.13.6:3333
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: C:\WINDOWS\system32
hser43uhjnefr.dll - {C2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32
hser43uhjnefr.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {f3ce92c3-e612-4370-bfbe-d19c0ce2d438} - C:\WINDOWS\system32\siruguhu.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\svchost.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32eader_s.exe
O4 - HKLM\..\Run: [CPMf73825c5] Rundll32.exe "c:\windows\system32\wifokuvi.dll",a
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\svchost.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HardTruckTycoonSetup.exe] C:\DOCUME~1\CHARLO~1\Bureau\HARDTR~1.EXE /r
O4 - HKCU\..\Run: [Tons Corn] C:\DOCUME~1\CHARLO~1\APPLIC~1\MATHCD~1\list proxy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SDF8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\3652853832.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Charlotteeader_s.exe
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Charlotte\Application Data
idle
idle.exe" 61A847B5BBF72813329B38557AFA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [] C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
O4 - HKUS\S-1-5-19\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Charlotteeader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\postit\PsnLite.exe
O4 - Global Startup: VProperty.lnk = C:\WINDOWS\VPro610.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet	ools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} (CDiscountObj Class) - https://clients.cdiscount.com/Order/TechCity/activex/CDiscount.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL (file missing)
O20 - AppInit_DLLs: jat.dll kbiihf.dll C:\WINDOWS\system32\zitakihu.dll xywxoa.dll lsgysp.dll ascjsa.dll fagsaa.dll dtxjyi.dll yznzzh.dll ooytoc.dll c:\windows\system32\fifugiku.dll c:\windows\system32\wifokuvi.dll
O20 - Winlogon Notify: efcYRjIA - efcYRjIA.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wifokuvi.dll
O22 - SharedTaskScheduler: kjm6t5rinmhp8o87t7r6gh - {C2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32
hser43uhjnefr.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wifokuvi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afisicx  Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satelliteaysat_3dsMax2009_32server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: sopidkc  Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: tdctxte  Service (tdctxte) - Unknown owner - C:\WINDOWS\system32	dctxte.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

sKe69 · Answer

bon ...


cela ne sent pas bon du tout !.... -_-

de nouvelles infections arrivent à la pelle ! .... j'ai peur que Virut soit dans le coup !



fais ceci pour vérifier :


1- Avoir accès aux fichiers cachés :
 
Va dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage 
* "Afficher les fichiers et dossiers cachés" ---> coché 
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché 
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... ) 



2- Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Copies ce qui suit et colles le dans l'espace pour la recherche : 
C:\WINDOWS\System32\reader_s.exe

Clique sur Send File ( = " Envoyer le fichier " ). 

Un rapport va s'élaborer ligne à ligne. 

Attends bien la fin ... Il doit comprendre la taille du fichier envoyé. 

Sauvegarde le rapport avec le bloc-note. 

Copie le dans ta prochaine réponse ... 

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )

CharlieMusic · Answer

je vois pas ds poste de travail l'onglet outils et options des dossiers .. :s si je click sur l'onglet outils ca me propose "connecter au réseau"...."synchroniser"....

sKe69 · Answer

passe à la suite pour voire ...

CharlieMusic · Answer

voila le rapport.... Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.101 2009.03.31 Trojan-PWS.Papras!IK AhnLab-V3 5.0.0.2 2009.03.31 Win-Trojan/Agent.37376.OQ AntiVir 7.9.0.129 2009.03.31 TR/PSW.Papras.N Antiy-AVL 2.0.3.1 2009.03.31 Trojan/Win32.Agent2 Authentium 5.1.2.4 2009.03.30 - Avast 4.8.1335.0 2009.03.31 Win32:Vupa AVG 8.5.0.285 2009.03.31 SHeur2.WNC BitDefender 7.2 2009.03.31 Trojan.PWS.Papras.N CAT-QuickHeal 10.00 2009.03.31 Trojan.Agent2.fsa ClamAV 0.94.1 2009.03.31 - Comodo 1092 2009.03.31 - DrWeb 4.44.0.09170 2009.03.31 Trojan.DownLoad.29459 eSafe 7.0.17.0 2009.03.31 Suspicious File eTrust-Vet 31.6.6427 2009.03.31 - F-Prot 4.4.4.56 2009.03.30 - F-Secure 8.0.14470.0 2009.03.31 Trojan.Win32.Agent2.fsa Fortinet 3.117.0.0 2009.03.31 PossibleThreat GData 19 2009.03.31 Trojan.PWS.Papras.N Ikarus T3.1.1.49.0 2009.03.31 Trojan-PWS.Papras K7AntiVirus 7.10.687 2009.03.31 Trojan.Win32.Agent2.fsa Kaspersky 7.0.0.125 2009.03.31 Trojan.Win32.Agent2.fsa McAfee 5570 2009.03.31 Generic.dx McAfee+Artemis 5570 2009.03.31 Generic.dx McAfee-GW-Edition 6.7.6 2009.03.31 Trojan.PSW.Papras.N Microsoft 1.4502 2009.03.31 - NOD32 3978 2009.03.31 Win32/Wigon Norman 6.00.06 2009.03.31 W32/Agent.MEXE nProtect 2009.1.8.0 2009.03.31 Trojan/W32.Agent2.37376.C Panda 10.0.0.14 2009.03.31 - PCTools 4.4.2.0 2009.03.31 Trojan.Agent2!sd6 Rising 21.23.12.00 2009.03.31 Trojan.Win32.Nodef.gno Sophos 4.40.0 2009.03.31 Mal/EncPk-HJ Sunbelt 3.2.1858.2 2009.03.31 Trojan.Win32.Agent2.fsa Symantec 1.4.4.12 2009.03.31 Trojan Horse TheHacker 6.3.3.9.296 2009.03.30 Trojan/Agent2.fsa TrendMicro 8.700.0.1004 2009.03.31 TROJ_AGENT.CHB VBA32 3.12.10.1 2009.03.31 Trojan.Win32.Agent2.fsa ViRobot 2009.3.31.1669 2009.03.31 Trojan.Win32.Agent.37376.AH VirusBuster 4.6.5.0 2009.03.31 - Information additionnelle File size: 37376 bytes MD5...: b21c88a7add7afac981011013cc37bba SHA1..: 8d6fd06d1bff66c83271dfd3b639dcd751f5da66 SHA256: 31816e9aca3b477b7052b32d5d8f483eaffeb08ce468a1107e1b6df08799ee2c SHA512: 5f91217c0f191cc6449fb25d633ff967a17b99d34c7ca86ab866a77c27114daf e5fa6f5f8fcb71b3901bdf6611bf0e5273b71efa8ca88a19bbb8f8c8e20e9381 ssdeep: 768:kmv6IAFOHWsBY7Yj39EiRsUdhqW+VtsFOBENu8cNiudNXD/g:kY6IAFIYExR lhqhUUyNuLNDdNXc PEiD..: - TrID..: File type identification Win64 Executable Generic (88.0%) Win32 Dynamic Link Library (generic) (7.8%) Generic Win/DOS Executable (2.0%) DOS Executable Generic (2.0%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x75a0 timedatestamp.....: 0x47d0f256 (Fri Mar 07 07:44:22 2008) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x8000 0x7400 7.83 e27fb063f102ee6377d932465615f945 .rdata 0x9000 0x1000 0xc00 3.94 bbeb986149b060bd8aa9e7c4f2a6a66c .data 0xa000 0x1000 0x800 5.47 34cc17082de2ff21c92622f0a41b7dda .rsrc 0xb000 0x3f0 0x400 3.43 a1141a0b74c163a7bd5eba40e80f4450 _win 0xc000 0x200 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b ( 4 imports ) > MSVCRT.dll: __p__fmode, strtol, strcpy, strcspn, _XcptFilter, memcpy, _strtime, exit, _wfullpath, _controlfp > GDI32.dll: CreateDIBSection, StartDocW, CreateRectRgn, CreateSolidBrush, DeleteDC, EndDoc, RestoreDC, GetDeviceCaps, StartPage, Polyline, RectInRegion > KERNEL32.dll: EnumSystemCodePagesA, GetVolumeInformationW, FindNextChangeNotification, ConsoleMenuControl, MoveFileWithProgressA, SetFilePointerEx, WaitNamedPipeA, FreeLibrary, SetVDMCurrentDirectories, GetWriteWatch > ulib.dll: _Initialize@TIMEINFO_ARGUMENT@@QAEEPAD@Z, _Resize@DSTRING@@UAEEK@Z, _Construct@WSTRING@@IAEXXZ, __1MESSAGE@@UAE@XZ, _QueryTimeOut@COMM_DEVICE@@QBEEXZ, _DisableBreakHandling@KEYBOARD@@SGEXZ, __0LONG_ARGUMENT@@QAE@XZ, __1PROGRAM@@UAE@XZ, _Initialize@TIMEINFO@@QAEEPAU_FILETIME@@@Z ( 0 exports ) RDS...: NSRL Reference Data Set - ThreatExpert info: https://www.symantec.com?md5=b21c88a7add7afac981011013cc37bba ATENTION ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

sKe69 · Answer

bien ....


écoute on va tenter de poursuivre le nettoyage , on verra bien ....



fais ceci :


Télécharge Lop S&D :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Déconnecte toi et ferme toutes tes applications en cours .

Double-clique sur sur l'.exe que tu viens de télécharger pour lancer l'installe .

Une fois l'installation faite, clique sur le raccourci pour lancer l'outil .  

Là,laisses toi guider: 
--->choisis l'option 1 (recherche) et valides.

(Tu ne fais pas l'option de nettoyage ( 2 ou 3) ).
 
Une fois le scan terminer ,le Bloc-Notes contenant le rapport va s'ouvrir.
Poste ce rapport dans ta prochaine réponse pour analyse .

Tuto : https://sites.google.com/site/eric71mespages/lop.sd.exe

CharlieMusic · Answer

Voila le rapport....g une chance de récupéré mon ordi sincerement ou pas tu penses...? est ce qu'il faut que j'enleve les mises à jour automatiques...?

   --------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU           T2300  @ 1.66GHz )
   BIOS : Phoenix NoteBIOS 4.0 Release 6.1     
   USER : Charlotte ( Administrator )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:93 Go (Free:9 Go)
   D:\ (CD or DVD)
   E:\ (USB)
   F:\ (USB)
   H:\ (USB)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 31/03/2009|22:39 )
 
   --------------------\  Listing des dossiers dans APPLIC~1

   [25/06/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [10/11/2007|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
   [06/07/2007|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [30/04/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [31/12/2008|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
   [06/04/2006|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [05/02/2009|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [08/12/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
   [09/12/2007|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
   [21/02/2009|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [01/05/2008|02:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
   [06/04/2006|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
   [09/11/2007|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does
   [09/09/2008|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [15/04/2006|23:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [25/06/2008|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Minnetonka Audio Software
   [13/04/2006|00:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
   [17/09/2008|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
   [05/01/2007|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [25/06/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Syncrosoft
   [08/09/2008|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
   [08/12/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
   [25/06/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [31/12/2006|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

   [12/12/2008|11:09] C:\DOCUME~1\CHARLO~1\APPLIC~1\3M
   [27/03/2009|17:17] C:\DOCUME~1\CHARLO~1\APPLIC~1\Adobe
   [03/05/2006|16:07] C:\DOCUME~1\CHARLO~1\APPLIC~1\AdobeUM
   [06/04/2006|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\Ahead
   [15/03/2009|19:31] C:\DOCUME~1\CHARLO~1\APPLIC~1\Apple Computer
   [26/04/2006|11:15] C:\DOCUME~1\CHARLO~1\APPLIC~1\ArcSoft
   [31/12/2008|16:05] C:\DOCUME~1\CHARLO~1\APPLIC~1\Autodesk
   [03/03/2009|11:15] C:\DOCUME~1\CHARLO~1\APPLIC~1\dvdcss
   [21/09/2008|23:11] C:\DOCUME~1\CHARLO~1\APPLIC~1\EoRezo
   [08/12/2008|13:40] C:\DOCUME~1\CHARLO~1\APPLIC~1\EPSON
   [25/06/2008|16:35] C:\DOCUME~1\CHARLO~1\APPLIC~1\FireBox Mixer
   [19/09/2007|18:45] C:\DOCUME~1\CHARLO~1\APPLIC~1\Google
   [27/09/2007|19:06] C:\DOCUME~1\CHARLO~1\APPLIC~1\Graphisoft
   [28/09/2007|00:20] C:\DOCUME~1\CHARLO~1\APPLIC~1\Help
   [05/11/2006|18:38] C:\DOCUME~1\CHARLO~1\APPLIC~1\HP
   [06/04/2006|10:35] C:\DOCUME~1\CHARLO~1\APPLIC~1\Identities
   [29/03/2009|22:00] C:\DOCUME~1\CHARLO~1\APPLIC~1\Image Zone Express
   [08/12/2008|13:20] C:\DOCUME~1\CHARLO~1\APPLIC~1\InstallShield
   [18/09/2008|09:11] C:\DOCUME~1\CHARLO~1\APPLIC~1\ItsLabel
   [19/04/2006|16:28] C:\DOCUME~1\CHARLO~1\APPLIC~1\Macromedia
   [09/09/2008|12:28] C:\DOCUME~1\CHARLO~1\APPLIC~1\Malwarebytes
   [09/11/2007|23:12] C:\DOCUME~1\CHARLO~1\APPLIC~1\Math Cdrom Help
   [12/12/2008|16:09] C:\DOCUME~1\CHARLO~1\APPLIC~1\Microsoft
   [07/12/2008|15:03] C:\DOCUME~1\CHARLO~1\APPLIC~1\Mozilla
   [31/03/2009|20:44] C:\DOCUME~1\CHARLO~1\APPLIC~1
idle
   [25/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\pdfforge
   [25/03/2009|14:36] C:\DOCUME~1\CHARLO~1\APPLIC~1\Samsung
   [25/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings
   [29/02/2008|20:55] C:\DOCUME~1\CHARLO~1\APPLIC~1\Skype
   [25/06/2008|15:45] C:\DOCUME~1\CHARLO~1\APPLIC~1\Steinberg
   [27/09/2007|16:31] C:\DOCUME~1\CHARLO~1\APPLIC~1\Sun
   [11/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\U3
   [25/06/2008|17:13] C:\DOCUME~1\CHARLO~1\APPLIC~1\Ulead Systems
   [07/04/2006|14:39] C:\DOCUME~1\CHARLO~1\APPLIC~1\vlc

   [06/04/2006|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [30/03/2009|22:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
   [30/03/2009|22:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
   [10/12/2006|23:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [06/04/2006|10:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [05/05/2008 07:48][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [31/03/2009 22:00][--ah-----] C:\WINDOWS	asks\AD551DE1918A8EC9.job
   [29/03/2009 23:00][--a------] C:\WINDOWS	asks\At48.job
   [31/03/2009 22:00][--a------] C:\WINDOWS	asks\At47.job
   [31/03/2009 20:00][--a------] C:\WINDOWS	asks\At45.job
   [31/03/2009 21:00][--a------] C:\WINDOWS	asks\At46.job
   [28/03/2009 19:00][--a------] C:\WINDOWS	asks\At43.job
   [29/03/2009 19:00][--a------] C:\WINDOWS	asks\At44.job
   [29/03/2009 17:00][--a------] C:\WINDOWS	asks\At42.job
   [29/03/2009 16:00][--a------] C:\WINDOWS	asks\At41.job
   [29/03/2009 13:00][--a------] C:\WINDOWS	asks\At38.job
   [27/03/2009 16:00][--a------] C:\WINDOWS	asks\At40.job
   [26/03/2009 15:00][--a------] C:\WINDOWS	asks\At39.job
   [31/03/2009 12:00][--a------] C:\WINDOWS	asks\At37.job
   [31/03/2009 11:00][--a------] C:\WINDOWS	asks\At36.job
   [31/03/2009 10:00][--a------] C:\WINDOWS	asks\At35.job
   [01/09/2007 13:02][--a------] C:\WINDOWS	asks\At32.job
   [23/02/2009 10:00][--a------] C:\WINDOWS	asks\At34.job
   [04/10/2008 08:00][--a------] C:\WINDOWS	asks\At33.job
   [09/05/2008 05:00][--a------] C:\WINDOWS	asks\At30.job
   [01/09/2007 13:02][--a------] C:\WINDOWS	asks\At31.job
   [09/05/2008 04:00][--a------] C:\WINDOWS	asks\At29.job
   [23/11/2008 03:00][--a------] C:\WINDOWS	asks\At27.job
   [29/11/2008 04:00][--a------] C:\WINDOWS	asks\At28.job
   [27/03/2009 01:00][--a------] C:\WINDOWS	asks\At25.job
   [24/03/2009 02:00][--a------] C:\WINDOWS	asks\At26.job
   [31/03/2009 22:00][--a------] C:\WINDOWS	asks\At23.job
   [29/03/2009 23:00][--a------] C:\WINDOWS	asks\At24.job
   [31/03/2009 21:00][--a------] C:\WINDOWS	asks\At22.job
   [29/03/2009 19:00][--a------] C:\WINDOWS	asks\At20.job
   [31/03/2009 20:00][--a------] C:\WINDOWS	asks\At21.job
   [28/03/2009 19:00][--a------] C:\WINDOWS	asks\At19.job
   [29/03/2009 17:00][--a------] C:\WINDOWS	asks\At18.job
   [27/03/2009 16:00][--a------] C:\WINDOWS	asks\At16.job
   [29/03/2009 16:00][--a------] C:\WINDOWS	asks\At17.job
   [26/03/2009 15:00][--a------] C:\WINDOWS	asks\At15.job
   [31/03/2009 12:00][--a------] C:\WINDOWS	asks\At13.job
   [29/03/2009 13:00][--a------] C:\WINDOWS	asks\At14.job
   [23/02/2009 10:00][--a------] C:\WINDOWS	asks\At10.job
   [31/03/2009 11:00][--a------] C:\WINDOWS	asks\At12.job
   [31/03/2009 10:00][--a------] C:\WINDOWS	asks\At11.job
   [04/10/2008 08:00][--a------] C:\WINDOWS	asks\At9.job
   [17/06/2007 15:32][--a------] C:\WINDOWS	asks\At7.job
   [30/06/2007 07:00][--a------] C:\WINDOWS	asks\At8.job
   [09/05/2008 05:00][--a------] C:\WINDOWS	asks\At6.job
   [09/05/2008 04:00][--a------] C:\WINDOWS	asks\At5.job
   [29/11/2008 04:00][--a------] C:\WINDOWS	asks\At4.job
   [23/11/2008 03:00][--a------] C:\WINDOWS	asks\At3.job
   [24/03/2009 02:00][--a------] C:\WINDOWS	asks\At2.job
   [27/03/2009 01:00][--a------] C:\WINDOWS	asks\At1.job
   [31/03/2009 20:55][--ah-----] C:\WINDOWS	asks\SA.DAT
   [24/08/2001 14:00][-r-h-c---] C:\WINDOWS	asks\desktop.ini

   ( AD551DE1918A8EC9.job )=( c:\docume~1\charlo~1\applic~1\mathcd~1\DentUserTrans.exe )

   --------------------\  Listing des dossiers dans C:\Program Files

   [09/12/2008|21:38] C:\Program Files\ABBYY FineReader 6.0 Sprint
   [24/06/2008|22:56] C:\Program Files\adaptateur firewire INDEO
   [25/06/2008|18:59] C:\Program Files\Adobe
   [26/04/2008|15:31] C:\Program Files\Apple Software Update
   [26/03/2009|23:29] C:\Program Files\ArchiCAD 12
   [06/04/2006|10:55] C:\Program Files\ASUSTek
   [31/12/2008|16:09] C:\Program Files\AutoCAD 2008
   [24/03/2009|00:56] C:\Program Files\Autodesk Revit Building 8.1
   [31/12/2008|16:02] C:\Program Files\Autodesk, 3DS max
   [25/03/2009|17:37] C:\Program Files\BitComet
   [20/01/2008|22:26] C:\Program Files\Bonjour
   [27/06/2008|19:08] C:\Program Files\CARTE SON
   [06/04/2006|10:55] C:\Program Files\CyberLink
   [25/06/2008|15:22] C:\Program Files\Cycling '74
   [08/12/2008|13:25] C:\Program Files\epson
   [31/03/2009|12:59] C:\Program Files\ESET
   [25/03/2009|17:38] C:\Program Files\Fichiers communs
   [12/12/2006|11:08] C:\Program Files\Free
   [21/02/2009|20:20] C:\Program Files\Google
   [16/10/2008|18:52] C:\Program Files\Google SketchUp 6
   [24/09/2008|11:20] C:\Program Files\Graphisoft
   [31/03/2009|11:27] C:\Program Files\HijackThis
   [09/11/2007|23:36] C:\Program Files\HP
   [06/04/2006|12:30] C:\Program Files\HPQ
   [11/12/2008|22:30] C:\Program Files\InstallShield Installation Information
   [06/04/2006|12:14] C:\Program Files\Intel
   [20/12/2008|10:56] C:\Program Files\Internet Explorer
   [26/04/2008|14:50] C:\Program Files\iPod
   [26/04/2008|14:50] C:\Program Files\iTunes
   [27/09/2007|16:32] C:\Program Files\Java
   [06/04/2006|10:21] C:\Program Files\microsoft frontpage
   [26/04/2006|11:36] C:\Program Files\Microsoft IntelliPoint
   [31/12/2008|16:00] C:\Program Files\Microsoft Office
   [06/04/2006|12:47] C:\Program Files\Microsoft Visual Studio
   [06/04/2006|12:47] C:\Program Files\Microsoft Works
   [06/04/2006|12:51] C:\Program Files\Microsoft.NET
   [20/02/2009|18:55] C:\Program Files\Movie Maker
   [31/03/2009|20:44] C:\Program Files\Mozilla Firefox
   [20/12/2008|11:28] C:\Program Files\MSBuild
   [06/04/2006|10:15] C:\Program Files\MSN
   [06/04/2006|10:16] C:\Program Files\MSN Gaming Zone
   [26/02/2007|23:51] C:\Program Files\MSN Messenger
   [06/04/2006|11:59] C:\Program Files\Nero
   [06/04/2006|10:18] C:\Program Files\NetMeeting
   [06/04/2006|10:18] C:\Program Files\Outlook Express
   [25/02/2009|11:58] C:\Program Files\PDFCreator
   [25/02/2009|11:57] C:\Program Files\pdfforge Toolbar
   [02/03/2008|23:29] C:\Program Files\PeerGuardian2
   [25/03/2009|14:34] C:\Program Files\photoshop
   [29/06/2008|18:30] C:\Program Files\PIXELA
   [12/12/2008|11:09] C:\Program Files\postit
   [25/06/2008|15:15] C:\Program Files\PreSonus-carte son
   [26/04/2008|14:44] C:\Program Files\QuickTime
   [20/12/2008|11:14] C:\Program Files\Reference Assemblies
   [20/12/2008|10:44] C:\Program Files\Rhinoceros 4.0
   [06/04/2006|12:34] C:\Program Files\Sigmatel
   [07/11/2007|23:16] C:\Program Files\Sony Corporation
   [25/06/2008|15:47] C:\Program Files\Steinberg
   [25/06/2008|15:45] C:\Program Files\Syncrosoft
   [31/03/2009|11:28] C:\Program Files\Trend Micro
   [06/04/2006|10:35] C:\Program Files\Uninstall Information
   [06/04/2006|10:55] C:\Program Files\VideoLAN
   [27/09/2007|16:54] C:\Program Files\WIBUKEY
   [27/09/2007|16:54] C:\Program Files\WIBU-SYSTEMS
   [25/06/2008|15:04] C:\Program Files\Windows Media Components
   [02/01/2007|20:03] C:\Program Files\Windows Media Connect 2
   [30/12/2006|19:25] C:\Program Files\Windows Media Player
   [06/04/2006|10:15] C:\Program Files\Windows NT
   [06/04/2006|10:19] C:\Program Files\WindowsUpdate
   [28/09/2007|00:20] C:\Program Files\WinRAR
   [06/04/2006|10:21] C:\Program Files\xerox

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [10/01/2008|22:10] C:\Program Files\Fichiers communs\Adobe
   [10/11/2007|00:11] C:\Program Files\Fichiers communs\Adobe Systems Shared
   [06/04/2006|11:59] C:\Program Files\Fichiers communs\Ahead
   [06/07/2007|09:41] C:\Program Files\Fichiers communs\Apple
   [26/04/2006|11:04] C:\Program Files\Fichiers communs\ArcSoft
   [24/03/2009|00:57] C:\Program Files\Fichiers communs\Autodesk Shared
   [25/06/2008|15:22] C:\Program Files\Fichiers communs\Cycling '74
   [31/12/2008|16:01] C:\Program Files\Fichiers communs\DESIGNER
   [25/06/2008|15:22] C:\Program Files\Fichiers communs\Digidesign
   [05/11/2006|18:32] C:\Program Files\Fichiers communs\Hewlett-Packard
   [05/11/2006|18:37] C:\Program Files\Fichiers communs\HP
   [25/06/2008|15:03] C:\Program Files\Fichiers communs\InstallShield
   [27/09/2007|16:32] C:\Program Files\Fichiers communs\Java
   [01/12/2007|13:56] C:\Program Files\Fichiers communs\Macrovision Shared
   [31/12/2008|16:00] C:\Program Files\Fichiers communs\Microsoft Shared
   [06/04/2006|10:18] C:\Program Files\Fichiers communs\MSSoap
   [07/11/2007|23:16] C:\Program Files\Fichiers communs\muvee Technologies
   [06/04/2006|12:10] C:\Program Files\Fichiers communs\ODBC
   [06/04/2006|10:18] C:\Program Files\Fichiers communs\Services
   [26/04/2006|11:04] C:\Program Files\Fichiers communs\SPC610NC
   [06/04/2006|12:10] C:\Program Files\Fichiers communs\SpeechEngines
   [06/04/2006|12:46] C:\Program Files\Fichiers communs\System
   [25/06/2008|15:03] C:\Program Files\Fichiers communs\Ulead Systems

   --------------------\  Process

   ( 62 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   C:\DOCUME~1\CHARLO~1\APPLIC~1\MATHCD~1
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does
   C:\DOCUME~1\CHARLO~1\APPLIC~1\mathcd~1
   C:\WINDOWS\Tasks\AD551DE1918A8EC9.job
 
   --------------------\  Verification du Registre

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	wo joy test]
   "DisplayName"="CiD Help"
   "UninstallString"="C:\DOCUME~1\CHARLO~1\APPLIC~1\MATHCD~1\list proxy.exe -uninstall"

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
   "Tons Corn"="C:\DOCUME~1\CHARLO~1\APPLIC~1\MATHCD~1\list proxy.exe"
   "Tons Corn"="C:\DOCUME~1\CHARLO~1\APPLIC~1\MATHCD~1\list proxy.exe"

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-03-31 23:34:37
   Windows 5.1.2600 Service Pack 2 NTFS
   detected NTDLL code modification:
   ZwOpenFile
   scanning hidden processes ...
   ? [19708]
   ? [4636]
   ? [17028]
   ? [29184]
   scanning hidden files ...
   scan completed successfully
   hidden processes: 4
   hidden files: 534
 
   --------------------\  Recherche d'autres infections

   C:\WINDOWS\Tasks\At1.job
   C:\WINDOWS\Tasks\At10.job
   C:\WINDOWS\Tasks\At11.job
   C:\WINDOWS\Tasks\At12.job
   C:\WINDOWS\Tasks\At13.job
   C:\WINDOWS\Tasks\At14.job
   C:\WINDOWS\Tasks\At15.job
   C:\WINDOWS\Tasks\At16.job
   C:\WINDOWS\Tasks\At17.job
   C:\WINDOWS\Tasks\At18.job
   C:\WINDOWS\Tasks\At19.job
   C:\WINDOWS\Tasks\At2.job
   C:\WINDOWS\Tasks\At20.job
   C:\WINDOWS\Tasks\At21.job
   C:\WINDOWS\Tasks\At22.job
   C:\WINDOWS\Tasks\At23.job
   C:\WINDOWS\Tasks\At24.job
   C:\WINDOWS\Tasks\At25.job
   C:\WINDOWS\Tasks\At26.job
   C:\WINDOWS\Tasks\At27.job
   C:\WINDOWS\Tasks\At28.job
   C:\WINDOWS\Tasks\At29.job
   C:\WINDOWS\Tasks\At3.job
   C:\WINDOWS\Tasks\At30.job
   C:\WINDOWS\Tasks\At31.job
   C:\WINDOWS\Tasks\At32.job
   C:\WINDOWS\Tasks\At33.job
   C:\WINDOWS\Tasks\At34.job
   C:\WINDOWS\Tasks\At35.job
   C:\WINDOWS\Tasks\At36.job
   C:\WINDOWS\Tasks\At37.job
   C:\WINDOWS\Tasks\At38.job
   C:\WINDOWS\Tasks\At39.job
   C:\WINDOWS\Tasks\At4.job
   C:\WINDOWS\Tasks\At40.job
   C:\WINDOWS\Tasks\At41.job
   C:\WINDOWS\Tasks\At42.job
   C:\WINDOWS\Tasks\At43.job
   C:\WINDOWS\Tasks\At44.job
   C:\WINDOWS\Tasks\At45.job
   C:\WINDOWS\Tasks\At46.job
   C:\WINDOWS\Tasks\At47.job
   C:\WINDOWS\Tasks\At48.job
   C:\WINDOWS\Tasks\At5.job
   C:\WINDOWS\Tasks\At6.job
   C:\WINDOWS\Tasks\At7.job
   C:\WINDOWS\Tasks\At8.job
   C:\WINDOWS\Tasks\At9.job

   C:\WINDOWS\system32\yHkjlnnn.ini
   C:\WINDOWS\system32\yHkjlnnn.ini2
   C:\WINDOWS\system32
nnljkHy.dll.vir
   [b]==> VUNDO <==/b
 
   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\CHARLO~1\Mes documents\Torrents\BitComet\Torrents\Rhinoceros 3.0+crack.rar.torrent
   C:\DOCUME~1\CHARLO~1\Recent\Google.SketchUp.Pro.6.KeyGen-acme (2).lnk


   [F:6629][D:317]-> C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
   [F:2][D:0]-> C:\DOCUME~1\CHARLO~1\Cookies
   [F:56][D:5]-> C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 31/03/2009|23:52 - Option : [1]

   --------------------\  Fin du rapport a 23:52:05

sKe69 · Answer

Pour ton ordi , on va tout faire pour ... ^^"


la suite dans l'ordre :


1- ! Déconnecte toi et ferme toutes tes applications en cours !

Relance Lop S&D ,
 
--->choisis cette fois l'option 2 ( nettoyage ) et valide ...

->ne touche à rien pendant que l'outil travail .

 
Une fois le scan terminer ,le Bloc-Notes contenant le rapport va s'ouvrir.
Poste ce rapport dans ta prochaine réponse pour analyse ...

une fois ce rapport posté , fais la suite :

==============================

2- Télécharge SDFix sur ton bureau :
ici http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.
ou ici http://download.bleepingcomputer.com/andymanchesta/SDFix.exe
ou ici http://sdfix.net/SDFix.exe
 
--> Double-clique sur SDFix.exe et choisis "Install" .

( tuto ici : https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

Puis une fois l'installe faite ,

Impératif : Démarrer en mode sans echec .

 /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\ 

Comment aller en Mode sans échec :
1) Redémarre ton ordi .
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage . 
4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] .
5) Choisis ton compte habituel ( et pas Administrateur ). 
attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ...

 
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer l'outil . 
-->Tapes Y pour lancer le script ... 
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé . 

Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier 
C:\SDFix sous le nom "Report.txt".

Poste ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport RSIT ( log.txt ) pour analyse et attends la suite ...

CharlieMusic · Answer

voici le rapport de l'étape 2 de lopSD ...je continuerai le nettoyage demain... :s merci pr tout...

   --------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU           T2300  @ 1.66GHz )
   BIOS : Phoenix NoteBIOS 4.0 Release 6.1     
   USER : Charlotte ( Administrator )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:93 Go (Free:9 Go)
   D:\ (CD or DVD)
   E:\ (USB)
   F:\ (USB)
   H:\ (USB)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [2] ( 01/04/2009| 0:09 )


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\WINDOWS\Tasks\AD551DE1918A8EC9.job 
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does
   Supprime! - C:\DOCUME~1\CHARLO~1\APPLIC~1\mathcd~1
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans APPLIC~1

   [25/06/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [10/11/2007|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
   [06/07/2007|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [30/04/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [31/12/2008|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
   [06/04/2006|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [05/02/2009|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [08/12/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
   [09/12/2007|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
   [21/02/2009|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [01/05/2008|02:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
   [06/04/2006|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
   [09/09/2008|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [15/04/2006|23:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [25/06/2008|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Minnetonka Audio Software
   [13/04/2006|00:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
   [17/09/2008|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
   [05/01/2007|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [25/06/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Syncrosoft
   [08/09/2008|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
   [08/12/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
   [25/06/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [31/12/2006|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

   [12/12/2008|11:09] C:\DOCUME~1\CHARLO~1\APPLIC~1\3M
   [27/03/2009|17:17] C:\DOCUME~1\CHARLO~1\APPLIC~1\Adobe
   [03/05/2006|16:07] C:\DOCUME~1\CHARLO~1\APPLIC~1\AdobeUM
   [06/04/2006|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\Ahead
   [15/03/2009|19:31] C:\DOCUME~1\CHARLO~1\APPLIC~1\Apple Computer
   [26/04/2006|11:15] C:\DOCUME~1\CHARLO~1\APPLIC~1\ArcSoft
   [31/12/2008|16:05] C:\DOCUME~1\CHARLO~1\APPLIC~1\Autodesk
   [03/03/2009|11:15] C:\DOCUME~1\CHARLO~1\APPLIC~1\dvdcss
   [21/09/2008|23:11] C:\DOCUME~1\CHARLO~1\APPLIC~1\EoRezo
   [08/12/2008|13:40] C:\DOCUME~1\CHARLO~1\APPLIC~1\EPSON
   [25/06/2008|16:35] C:\DOCUME~1\CHARLO~1\APPLIC~1\FireBox Mixer
   [19/09/2007|18:45] C:\DOCUME~1\CHARLO~1\APPLIC~1\Google
   [27/09/2007|19:06] C:\DOCUME~1\CHARLO~1\APPLIC~1\Graphisoft
   [28/09/2007|00:20] C:\DOCUME~1\CHARLO~1\APPLIC~1\Help
   [05/11/2006|18:38] C:\DOCUME~1\CHARLO~1\APPLIC~1\HP
   [06/04/2006|10:35] C:\DOCUME~1\CHARLO~1\APPLIC~1\Identities
   [29/03/2009|22:00] C:\DOCUME~1\CHARLO~1\APPLIC~1\Image Zone Express
   [08/12/2008|13:20] C:\DOCUME~1\CHARLO~1\APPLIC~1\InstallShield
   [18/09/2008|09:11] C:\DOCUME~1\CHARLO~1\APPLIC~1\ItsLabel
   [19/04/2006|16:28] C:\DOCUME~1\CHARLO~1\APPLIC~1\Macromedia
   [09/09/2008|12:28] C:\DOCUME~1\CHARLO~1\APPLIC~1\Malwarebytes
   [12/12/2008|16:09] C:\DOCUME~1\CHARLO~1\APPLIC~1\Microsoft
   [07/12/2008|15:03] C:\DOCUME~1\CHARLO~1\APPLIC~1\Mozilla
   [31/03/2009|20:44] C:\DOCUME~1\CHARLO~1\APPLIC~1
idle
   [25/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\pdfforge
   [25/03/2009|14:36] C:\DOCUME~1\CHARLO~1\APPLIC~1\Samsung
   [25/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\Search Settings
   [29/02/2008|20:55] C:\DOCUME~1\CHARLO~1\APPLIC~1\Skype
   [25/06/2008|15:45] C:\DOCUME~1\CHARLO~1\APPLIC~1\Steinberg
   [27/09/2007|16:31] C:\DOCUME~1\CHARLO~1\APPLIC~1\Sun
   [11/02/2009|12:01] C:\DOCUME~1\CHARLO~1\APPLIC~1\U3
   [25/06/2008|17:13] C:\DOCUME~1\CHARLO~1\APPLIC~1\Ulead Systems
   [07/04/2006|14:39] C:\DOCUME~1\CHARLO~1\APPLIC~1\vlc

   [06/04/2006|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [30/03/2009|22:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
   [30/03/2009|22:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
   [10/12/2006|23:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [06/04/2006|10:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [05/05/2008 07:48][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [31/03/2009 23:00][--a------] C:\WINDOWS	asks\At48.job
   [31/03/2009 20:00][--a------] C:\WINDOWS	asks\At45.job
   [31/03/2009 22:00][--a------] C:\WINDOWS	asks\At47.job
   [31/03/2009 21:00][--a------] C:\WINDOWS	asks\At46.job
   [28/03/2009 19:00][--a------] C:\WINDOWS	asks\At43.job
   [29/03/2009 17:00][--a------] C:\WINDOWS	asks\At42.job
   [29/03/2009 19:00][--a------] C:\WINDOWS	asks\At44.job
   [26/03/2009 15:00][--a------] C:\WINDOWS	asks\At39.job
   [27/03/2009 16:00][--a------] C:\WINDOWS	asks\At40.job
   [29/03/2009 16:00][--a------] C:\WINDOWS	asks\At41.job
   [29/03/2009 13:00][--a------] C:\WINDOWS	asks\At38.job
   [31/03/2009 10:00][--a------] C:\WINDOWS	asks\At35.job
   [31/03/2009 12:00][--a------] C:\WINDOWS	asks\At37.job
   [31/03/2009 11:00][--a------] C:\WINDOWS	asks\At36.job
   [01/09/2007 13:02][--a------] C:\WINDOWS	asks\At32.job
   [04/10/2008 08:00][--a------] C:\WINDOWS	asks\At33.job
   [23/02/2009 10:00][--a------] C:\WINDOWS	asks\At34.job
   [01/09/2007 13:02][--a------] C:\WINDOWS	asks\At31.job
   [09/05/2008 04:00][--a------] C:\WINDOWS	asks\At29.job
   [09/05/2008 05:00][--a------] C:\WINDOWS	asks\At30.job
   [01/04/2009 00:00][--a------] C:\WINDOWS	asks\At25.job
   [23/11/2008 03:00][--a------] C:\WINDOWS	asks\At27.job
   [29/11/2008 04:00][--a------] C:\WINDOWS	asks\At28.job
   [24/03/2009 02:00][--a------] C:\WINDOWS	asks\At26.job
   [31/03/2009 22:00][--a------] C:\WINDOWS	asks\At23.job
   [31/03/2009 23:00][--a------] C:\WINDOWS	asks\At24.job
   [31/03/2009 21:00][--a------] C:\WINDOWS	asks\At22.job
   [31/03/2009 20:00][--a------] C:\WINDOWS	asks\At21.job
   [28/03/2009 19:00][--a------] C:\WINDOWS	asks\At19.job
   [29/03/2009 19:00][--a------] C:\WINDOWS	asks\At20.job
   [29/03/2009 17:00][--a------] C:\WINDOWS	asks\At18.job
   [29/03/2009 16:00][--a------] C:\WINDOWS	asks\At17.job
   [27/03/2009 16:00][--a------] C:\WINDOWS	asks\At16.job
   [26/03/2009 15:00][--a------] C:\WINDOWS	asks\At15.job
   [29/03/2009 13:00][--a------] C:\WINDOWS	asks\At14.job
   [31/03/2009 12:00][--a------] C:\WINDOWS	asks\At13.job
   [31/03/2009 10:00][--a------] C:\WINDOWS	asks\At11.job
   [23/02/2009 10:00][--a------] C:\WINDOWS	asks\At10.job
   [31/03/2009 11:00][--a------] C:\WINDOWS	asks\At12.job
   [04/10/2008 08:00][--a------] C:\WINDOWS	asks\At9.job
   [30/06/2007 07:00][--a------] C:\WINDOWS	asks\At8.job
   [17/06/2007 15:32][--a------] C:\WINDOWS	asks\At7.job
   [09/05/2008 04:00][--a------] C:\WINDOWS	asks\At5.job
   [09/05/2008 05:00][--a------] C:\WINDOWS	asks\At6.job
   [29/11/2008 04:00][--a------] C:\WINDOWS	asks\At4.job
   [23/11/2008 03:00][--a------] C:\WINDOWS	asks\At3.job
   [24/03/2009 02:00][--a------] C:\WINDOWS	asks\At2.job
   [01/04/2009 00:00][--a------] C:\WINDOWS	asks\At1.job
   [31/03/2009 23:58][--ah-----] C:\WINDOWS	asks\SA.DAT
   [24/08/2001 14:00][-r-h-c---] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [09/12/2008|21:38] C:\Program Files\ABBYY FineReader 6.0 Sprint
   [24/06/2008|22:56] C:\Program Files\adaptateur firewire INDEO
   [25/06/2008|18:59] C:\Program Files\Adobe
   [26/04/2008|15:31] C:\Program Files\Apple Software Update
   [26/03/2009|23:29] C:\Program Files\ArchiCAD 12
   [06/04/2006|10:55] C:\Program Files\ASUSTek
   [31/12/2008|16:09] C:\Program Files\AutoCAD 2008
   [24/03/2009|00:56] C:\Program Files\Autodesk Revit Building 8.1
   [31/12/2008|16:02] C:\Program Files\Autodesk, 3DS max
   [25/03/2009|17:37] C:\Program Files\BitComet
   [20/01/2008|22:26] C:\Program Files\Bonjour
   [27/06/2008|19:08] C:\Program Files\CARTE SON
   [06/04/2006|10:55] C:\Program Files\CyberLink
   [25/06/2008|15:22] C:\Program Files\Cycling '74
   [08/12/2008|13:25] C:\Program Files\epson
   [31/03/2009|12:59] C:\Program Files\ESET
   [25/03/2009|17:38] C:\Program Files\Fichiers communs
   [12/12/2006|11:08] C:\Program Files\Free
   [21/02/2009|20:20] C:\Program Files\Google
   [16/10/2008|18:52] C:\Program Files\Google SketchUp 6
   [24/09/2008|11:20] C:\Program Files\Graphisoft
   [31/03/2009|11:27] C:\Program Files\HijackThis
   [09/11/2007|23:36] C:\Program Files\HP
   [06/04/2006|12:30] C:\Program Files\HPQ
   [11/12/2008|22:30] C:\Program Files\InstallShield Installation Information
   [06/04/2006|12:14] C:\Program Files\Intel
   [20/12/2008|10:56] C:\Program Files\Internet Explorer
   [26/04/2008|14:50] C:\Program Files\iPod
   [26/04/2008|14:50] C:\Program Files\iTunes
   [27/09/2007|16:32] C:\Program Files\Java
   [06/04/2006|10:21] C:\Program Files\microsoft frontpage
   [26/04/2006|11:36] C:\Program Files\Microsoft IntelliPoint
   [31/12/2008|16:00] C:\Program Files\Microsoft Office
   [06/04/2006|12:47] C:\Program Files\Microsoft Visual Studio
   [06/04/2006|12:47] C:\Program Files\Microsoft Works
   [06/04/2006|12:51] C:\Program Files\Microsoft.NET
   [20/02/2009|18:55] C:\Program Files\Movie Maker
   [01/04/2009|00:00] C:\Program Files\Mozilla Firefox
   [20/12/2008|11:28] C:\Program Files\MSBuild
   [06/04/2006|10:15] C:\Program Files\MSN
   [06/04/2006|10:16] C:\Program Files\MSN Gaming Zone
   [26/02/2007|23:51] C:\Program Files\MSN Messenger
   [06/04/2006|11:59] C:\Program Files\Nero
   [06/04/2006|10:18] C:\Program Files\NetMeeting
   [06/04/2006|10:18] C:\Program Files\Outlook Express
   [25/02/2009|11:58] C:\Program Files\PDFCreator
   [25/02/2009|11:57] C:\Program Files\pdfforge Toolbar
   [02/03/2008|23:29] C:\Program Files\PeerGuardian2
   [25/03/2009|14:34] C:\Program Files\photoshop
   [29/06/2008|18:30] C:\Program Files\PIXELA
   [12/12/2008|11:09] C:\Program Files\postit
   [25/06/2008|15:15] C:\Program Files\PreSonus-carte son
   [26/04/2008|14:44] C:\Program Files\QuickTime
   [20/12/2008|11:14] C:\Program Files\Reference Assemblies
   [20/12/2008|10:44] C:\Program Files\Rhinoceros 4.0
   [06/04/2006|12:34] C:\Program Files\Sigmatel
   [07/11/2007|23:16] C:\Program Files\Sony Corporation
   [25/06/2008|15:47] C:\Program Files\Steinberg
   [25/06/2008|15:45] C:\Program Files\Syncrosoft
   [31/03/2009|11:28] C:\Program Files\Trend Micro
   [06/04/2006|10:35] C:\Program Files\Uninstall Information
   [06/04/2006|10:55] C:\Program Files\VideoLAN
   [27/09/2007|16:54] C:\Program Files\WIBUKEY
   [27/09/2007|16:54] C:\Program Files\WIBU-SYSTEMS
   [25/06/2008|15:04] C:\Program Files\Windows Media Components
   [02/01/2007|20:03] C:\Program Files\Windows Media Connect 2
   [30/12/2006|19:25] C:\Program Files\Windows Media Player
   [06/04/2006|10:15] C:\Program Files\Windows NT
   [06/04/2006|10:19] C:\Program Files\WindowsUpdate
   [28/09/2007|00:20] C:\Program Files\WinRAR
   [06/04/2006|10:21] C:\Program Files\xerox

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [10/01/2008|22:10] C:\Program Files\Fichiers communs\Adobe
   [10/11/2007|00:11] C:\Program Files\Fichiers communs\Adobe Systems Shared
   [06/04/2006|11:59] C:\Program Files\Fichiers communs\Ahead
   [06/07/2007|09:41] C:\Program Files\Fichiers communs\Apple
   [26/04/2006|11:04] C:\Program Files\Fichiers communs\ArcSoft
   [24/03/2009|00:57] C:\Program Files\Fichiers communs\Autodesk Shared
   [25/06/2008|15:22] C:\Program Files\Fichiers communs\Cycling '74
   [31/12/2008|16:01] C:\Program Files\Fichiers communs\DESIGNER
   [25/06/2008|15:22] C:\Program Files\Fichiers communs\Digidesign
   [05/11/2006|18:32] C:\Program Files\Fichiers communs\Hewlett-Packard
   [05/11/2006|18:37] C:\Program Files\Fichiers communs\HP
   [25/06/2008|15:03] C:\Program Files\Fichiers communs\InstallShield
   [27/09/2007|16:32] C:\Program Files\Fichiers communs\Java
   [01/12/2007|13:56] C:\Program Files\Fichiers communs\Macrovision Shared
   [31/12/2008|16:00] C:\Program Files\Fichiers communs\Microsoft Shared
   [06/04/2006|10:18] C:\Program Files\Fichiers communs\MSSoap
   [07/11/2007|23:16] C:\Program Files\Fichiers communs\muvee Technologies
   [06/04/2006|12:10] C:\Program Files\Fichiers communs\ODBC
   [06/04/2006|10:18] C:\Program Files\Fichiers communs\Services
   [26/04/2006|11:04] C:\Program Files\Fichiers communs\SPC610NC
   [06/04/2006|12:10] C:\Program Files\Fichiers communs\SpeechEngines
   [06/04/2006|12:46] C:\Program Files\Fichiers communs\System
   [25/06/2008|15:03] C:\Program Files\Fichiers communs\Ulead Systems

   --------------------\  Process

   ( 61 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-04-01 00:58:23
   Windows 5.1.2600 Service Pack 2 NTFS
   detected NTDLL code modification:
   ZwOpenFile
   scanning hidden processes ...
   ? [9188]
   ? [31360]
   scanning hidden files ...
   C:\WINDOWS\System32\Install.txt
   scan completed successfully
   hidden processes: 2
   hidden files: 535
 
   --------------------\  Recherche d'autres infections

   C:\WINDOWS\Tasks\At1.job
   C:\WINDOWS\Tasks\At10.job
   C:\WINDOWS\Tasks\At11.job
   C:\WINDOWS\Tasks\At12.job
   C:\WINDOWS\Tasks\At13.job
   C:\WINDOWS\Tasks\At14.job
   C:\WINDOWS\Tasks\At15.job
   C:\WINDOWS\Tasks\At16.job
   C:\WINDOWS\Tasks\At17.job
   C:\WINDOWS\Tasks\At18.job
   C:\WINDOWS\Tasks\At19.job
   C:\WINDOWS\Tasks\At2.job
   C:\WINDOWS\Tasks\At20.job
   C:\WINDOWS\Tasks\At21.job
   C:\WINDOWS\Tasks\At22.job
   C:\WINDOWS\Tasks\At23.job
   C:\WINDOWS\Tasks\At24.job
   C:\WINDOWS\Tasks\At25.job
   C:\WINDOWS\Tasks\At26.job
   C:\WINDOWS\Tasks\At27.job
   C:\WINDOWS\Tasks\At28.job
   C:\WINDOWS\Tasks\At29.job
   C:\WINDOWS\Tasks\At3.job
   C:\WINDOWS\Tasks\At30.job
   C:\WINDOWS\Tasks\At31.job
   C:\WINDOWS\Tasks\At32.job
   C:\WINDOWS\Tasks\At33.job
   C:\WINDOWS\Tasks\At34.job
   C:\WINDOWS\Tasks\At35.job
   C:\WINDOWS\Tasks\At36.job
   C:\WINDOWS\Tasks\At37.job
   C:\WINDOWS\Tasks\At38.job
   C:\WINDOWS\Tasks\At39.job
   C:\WINDOWS\Tasks\At4.job
   C:\WINDOWS\Tasks\At40.job
   C:\WINDOWS\Tasks\At41.job
   C:\WINDOWS\Tasks\At42.job
   C:\WINDOWS\Tasks\At43.job
   C:\WINDOWS\Tasks\At44.job
   C:\WINDOWS\Tasks\At45.job
   C:\WINDOWS\Tasks\At46.job
   C:\WINDOWS\Tasks\At47.job
   C:\WINDOWS\Tasks\At48.job
   C:\WINDOWS\Tasks\At5.job
   C:\WINDOWS\Tasks\At6.job
   C:\WINDOWS\Tasks\At7.job
   C:\WINDOWS\Tasks\At8.job
   C:\WINDOWS\Tasks\At9.job

   C:\WINDOWS\system32\yHkjlnnn.ini
   C:\WINDOWS\system32\yHkjlnnn.ini2
   C:\WINDOWS\system32
nnljkHy.dll.vir
   [b]==> VUNDO <==/b
 
   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\CHARLO~1\Mes documents\Torrents\BitComet\Torrents\Rhinoceros 3.0+crack.rar.torrent
   C:\DOCUME~1\CHARLO~1\Recent\Google.SketchUp.Pro.6.KeyGen-acme (2).lnk


   [F:6649][D:318]-> C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
   [F:2][D:0]-> C:\DOCUME~1\CHARLO~1\Cookies
   [F:56][D:5]-> C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 31/03/2009|23:52 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 01/04/2009| 1:13 - Option : [2]

CharlieMusic · Answer

et voici le rapport après SDFIX

[b]SDFix: Version 1.240 [/b]
Run by Charlotte on 01/04/2009 at 10:12

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

[b]Name [/b]: 
restore

[b]Path [/b]:
\??\C:\WINDOWS\system32\driversestore.sys 

restore - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\Charlotte\Local Settings\Temp\Google Toolbar\gtb2F9.tmp.exe - Deleted
C:\WINDOWS\system32\w.exe - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\3.tmp - Deleted
C:\WINDOWS\system32\5.tmp - Deleted
C:\WINDOWS\system32\7.tmp - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\A.tmp - Deleted
C:\WINDOWS\services.exe - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted





Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 11:15:27
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe"="C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\WIBUKEY\Server\WkSvW32.exe"="C:\Program Files\WIBUKEY\Server\WkSvW32.exe:*:Enabled:WIBU-KEY Network Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\ArchiCAD 11\ArchiCAD 11\ArchiCAD.exe"="C:\Program Files\ArchiCAD 11\ArchiCAD 11\ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component"
"C:\Program Files\ArchiCAD 12\ArchiCAD.exe"="C:\Program Files\ArchiCAD 12\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component"
"C:\Downloads\Memo\Memo.exe"="C:\Downloads\Memo\Memo.exe:*:Enabled:Desktop tool"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:RUNDLL32"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier"
"C:\Documents and Settings\Charlotte\Local Settings\Temp\Google Toolbar\gtb2F9.tmp.exe"="C:\Documents and Settings\Charlotte\Local Settings\Temp\Google Toolbar\gtb2F9.tmp.exe:*:Enabled:gtb2F9.tmp"
"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\ESET\nod32krn.exe"="C:\Program Files\ESET\nod32krn.exe:*:Enabled:nod32krn"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\WINDOWS\system32\3361\svchost.exe"="C:\WINDOWS\system32\3361\svchost.exe:*:Enabled:SVCHOST.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 30 Mar 2009       125,724 ..SHR --- "C:\RECYCLER\S-1-5-21-0519043935-3322464399-006458258-7844\hd1.exe"
Thu  6 Apr 2006            56 ..SHR --- "C:\WINDOWS\system32\53A3F24E55.sys"
Thu 19 Mar 2009       141,824 A.SH. --- "C:\WINDOWS\system32\ascjsa.dll"
---                    64,743 A.SH. --- "C:\WINDOWS\system32\begimepo.dll.tmp"
Fri  6 Mar 2009         2,157 ..SH. --- "C:\WINDOWS\system32\bidapako.dll"
Sun 29 Mar 2009        61,440 A.SH. --- "C:\WINDOWS\system32\bisoloku.exe"
Sun  8 Feb 2009        72,413 A.SH. --- "C:\WINDOWS\system32\buhegavu.dll"
---                    67,072 A.SH. --- "C:\WINDOWS\system32\buyaneju.dll.tmp"
Tue 17 Mar 2009       142,848 A.SH. --- "C:\WINDOWS\system32\dahovibo.dll"
Fri 27 Feb 2009         4,096 ..SH. --- "C:\WINDOWS\system32\dejufedu.dll"
Wed  4 Mar 2009        70,892 A.SH. --- "C:\WINDOWS\system32\derinade.dll"
Tue 10 Mar 2009       106,496 A.SH. --- "C:\WINDOWS\system32\dojapode.dll"
---                   107,520 A.SH. --- "C:\WINDOWS\system32\dotipiwu.dll"
---                    94,208 A.SH. --- "C:\WINDOWS\system32\dowileyi.dll"
Sat 21 Mar 2009       141,312 A.SH. --- "C:\WINDOWS\system32\dtxjyi.dll"
Thu 26 Feb 2009        23,247 ..SH. --- "C:\WINDOWS\system32\dunuhobu.dll"
---                    94,208 A.SH. --- "C:\WINDOWS\system32\duweweba.dll"
Fri 20 Mar 2009       141,824 A.SH. --- "C:\WINDOWS\system32\fagsaa.dll"
Thu  5 Mar 2009       107,520 A.SH. --- "C:\WINDOWS\system32\fayebuzu.dll"
Tue 31 Mar 2009        84,768 A.SH. --- "C:\WINDOWS\system32\fegusire.exe"
Wed 25 Mar 2009       100,864 A.SH. --- "C:\WINDOWS\system32\foyorere.dll"
Tue 31 Mar 2009           522 ..SH. --- "C:\WINDOWS\system32\getovojo.exe"
Fri  6 Mar 2009       105,984 A.SH. --- "C:\WINDOWS\system32\gitadumi.dll"
---                   108,544 A.SH. --- "C:\WINDOWS\system32\goputomo.dll"
Mon 23 Mar 2009       107,520 A.SH. --- "C:\WINDOWS\system32\guvodudi.dll"
Tue  3 Mar 2009        23,307 ..SH. --- "C:\WINDOWS\system32\hilemebu.dll"
---                   142,336 A.SH. --- "C:\WINDOWS\system32\hivezuto.dll"
Thu 22 Jan 2009        65,321 A.SH. --- "C:\WINDOWS\system32\hodajupi.dll"
Sun 15 Mar 2009        23,450 ..SH. --- "C:\WINDOWS\system32\hosezora.dll"
---                    73,924 A.SH. --- "C:\WINDOWS\system32\hovogove.dll"
Tue 24 Mar 2009         2,157 ..SH. --- "C:\WINDOWS\system32\jaguwuyi.exe"
---                   108,544 A.SH. --- "C:\WINDOWS\system32\jazejumi.dll"
Tue 31 Mar 2009        99,840 A.SH. --- "C:\WINDOWS\system32\jazijase.dll"
Sat 21 Mar 2009       141,312 A.SH. --- "C:\WINDOWS\system32\jazuyana.dll"
Sat 28 Mar 2009       105,472 A.SH. --- "C:\WINDOWS\system32\jelukahu.dll"
Tue 31 Mar 2009       105,472 A.SH. --- "C:\WINDOWS\system32\jobagiyu.dll"
---                    64,743 A.SH. --- "C:\WINDOWS\system32\josoguyi.dll.tmp"
Thu 19 Mar 2009       106,496 A.SH. --- "C:\WINDOWS\system32\junefare.dll"
Sat 21 Mar 2009       106,496 A.SH. --- "C:\WINDOWS\system32\juriyuyi.dll"
---                   142,336 A.SH. --- "C:\WINDOWS\system32\kavumefe.dll"
Mon 10 Apr 2006         6,372 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 25 Mar 2009       107,008 A.SH. --- "C:\WINDOWS\system32\kimulizi.dll"
Thu 26 Feb 2009        23,307 ..SH. --- "C:\WINDOWS\system32\kirenalo.dll"
Mon 30 Mar 2009        99,840 A.SH. --- "C:\WINDOWS\system32\kivereza.dll"
Mon 30 Mar 2009        61,440 A.SH. --- "C:\WINDOWS\system32\kivigoru.exe"
Sat 10 Jan 2009        66,860 A.SH. --- "C:\WINDOWS\system32\kozibala.dll"
Sun 15 Mar 2009         4,096 ..SH. --- "C:\WINDOWS\system32\lakovazo.dll"
---                   143,360 A.SH. --- "C:\WINDOWS\system32\lejorude.dll"
Wed 18 Mar 2009       140,800 A.SH. --- "C:\WINDOWS\system32\lsgysp.dll"
Sat 21 Feb 2009       109,825 A.SH. --- "C:\WINDOWS\system32\lutovute.dll"
Fri 16 Jan 2009        64,743 A.SH. --- "C:\WINDOWS\system32\luyenofe.dll"
---                    11,264 A.SH. --- "C:\WINDOWS\system32\marujate.dll"
Fri  6 Mar 2009         2,157 ..SH. --- "C:\WINDOWS\system32\meridewa.dll"
Fri 20 Mar 2009       107,520 A.SH. --- "C:\WINDOWS\system32\meyeyihi.dll"
Tue 31 Mar 2009        99,840 A.SH. --- "C:\WINDOWS\system32\modubelo.dll"
Tue 31 Mar 2009       105,472 A.SH. --- "C:\WINDOWS\system32\mokuheva.dll"
---                    67,072 A.SH. --- "C:\WINDOWS\system32\munokesu.dll.tmp"
Wed 11 Mar 2009       108,032 A.SH. --- "C:\WINDOWS\system32\muwatibi.dll"
---                   142,336 A.SH. --- "C:\WINDOWS\system32
adusifa.dll"
Tue 10 Feb 2009        72,380 A.SH. --- "C:\WINDOWS\system32
avifaya.dll"
Tue 31 Mar 2009        84,768 A.SH. --- "C:\WINDOWS\system32
ifodiyu.exe"
---                   108,544 A.SH. --- "C:\WINDOWS\system32
ohisoye.dll"
---                   107,520 A.SH. --- "C:\WINDOWS\system32
oweripe.dll"
Tue 31 Mar 2009       105,472 A.SH. --- "C:\WINDOWS\system32
uvoyijo.dll"
Mon 23 Mar 2009       140,800 A.SH. --- "C:\WINDOWS\system32\ooytoc.dll"
Sat 28 Mar 2009        61,440 A.SH. --- "C:\WINDOWS\system32\panasoba.exe"
---                    73,924 A.SH. --- "C:\WINDOWS\system32\payezavu.dll"
---                    73,924 A.SH. --- "C:\WINDOWS\system32\pejokehe.dll"
Thu  5 Feb 2009        72,982 A.SH. --- "C:\WINDOWS\system32\pisuvedi.dll"
---                   108,544 A.SH. --- "C:\WINDOWS\system32\pohudodi.dll"
Thu  5 Mar 2009       107,008 A.SH. --- "C:\WINDOWS\system32\polekove.dll"
Sun 22 Feb 2009         2,157 ..SH. --- "C:\WINDOWS\system32aferafo.dll"
Fri  9 Jan 2009         2,157 ..SH. --- "C:\WINDOWS\system32ibegaja.exe"
---                    64,743 A.SH. --- "C:\WINDOWS\system32igiwoti.dll.tmp"
Mon 30 Mar 2009       105,472 A.SH. --- "C:\WINDOWS\system32ijilutu.dll"
Tue 17 Mar 2009       108,032 A.SH. --- "C:\WINDOWS\system32oliwiza.dll"
---                   107,520 A.SH. --- "C:\WINDOWS\system32ufupiba.dll"
Tue 31 Mar 2009       105,472 A.SH. --- "C:\WINDOWS\system32uludoji.dll"
---                    94,208 A.SH. --- "C:\WINDOWS\system32upetapa.dll"
Sat  7 Mar 2009       107,008 A.SH. --- "C:\WINDOWS\system32\segivubo.dll"
Sun 22 Feb 2009         2,157 ..SH. --- "C:\WINDOWS\system32\semajosu.dll"
Wed 18 Mar 2009       107,520 A.SH. --- "C:\WINDOWS\system32\sidikeyu.dll"
---                    46,080 A.SH. --- "C:\WINDOWS\system32\sifajade.dll"
---                    70,892 A.SH. --- "C:\WINDOWS\system32\siruguhu.dll"
---                    70,892 A.SH. --- "C:\WINDOWS\system32\soziredo.dll"
Wed 28 Jan 2009        63,703 A.SH. --- "C:\WINDOWS\system32	akamegu.dll"
Sun 22 Mar 2009       142,336 A.SH. --- "C:\WINDOWS\system32	ebutago.dll"
Sun  8 Mar 2009       108,032 A.SH. --- "C:\WINDOWS\system32	emekatu.dll"
Wed  4 Mar 2009       107,520 A.SH. --- "C:\WINDOWS\system32	igefeki.dll"
Sun 29 Mar 2009       105,472 A.SH. --- "C:\WINDOWS\system32	ipifipo.dll"
---                   107,520 A.SH. --- "C:\WINDOWS\system32	orajigu.dll"
Fri 20 Mar 2009       141,824 A.SH. --- "C:\WINDOWS\system32	ukuhegu.dll"
Fri 27 Mar 2009       104,960 A.SH. --- "C:\WINDOWS\system32\vabazaja.dll"
Sun 22 Feb 2009         2,157 ..SH. --- "C:\WINDOWS\system32\vewalimu.dll"
Mon 23 Mar 2009       140,800 A.SH. --- "C:\WINDOWS\system32\vivuyayo.dll"
Wed 18 Mar 2009       140,800 A.SH. --- "C:\WINDOWS\system32\vubuvuha.dll"
Thu 19 Mar 2009       141,824 A.SH. --- "C:\WINDOWS\system32\wafiguvu.dll"
---                   143,360 A.SH. --- "C:\WINDOWS\system32\wapifiwa.dll"
---                   142,336 A.SH. --- "C:\WINDOWS\system32\wezewugi.dll"
Tue 31 Mar 2009       104,448 A.SH. --- "C:\WINDOWS\system32\wifokuvi.dll"
Tue  3 Mar 2009        23,309 ..SH. --- "C:\WINDOWS\system32\wigimogo.dll"
Tue 20 Jan 2009        64,221 A.SH. --- "C:\WINDOWS\system32\wijuhalu.dll"
Tue 31 Mar 2009        99,840 A.SH. --- "C:\WINDOWS\system32\wiwejive.dll"
---                   107,520 A.SH. --- "C:\WINDOWS\system32\wiyirive.dll"
Tue  3 Feb 2009        63,690 A.SH. --- "C:\WINDOWS\system32\wudifobu.dll"
---                   107,520 A.SH. --- "C:\WINDOWS\system32\wulubuvo.dll"
Tue  2 Jan 2007             9 A..H. --- "C:\WINDOWS\system32\wxmmin.dll"
Tue 17 Mar 2009       142,848 A.SH. --- "C:\WINDOWS\system32\xywxoa.dll"
Sun 22 Mar 2009       106,496 A.SH. --- "C:\WINDOWS\system32\yakivase.dll"
---                   142,336 A.SH. --- "C:\WINDOWS\system32\yasijote.dll"
Mon 30 Mar 2009        61,440 A.SH. --- "C:\WINDOWS\system32\yekotafo.exe"
Fri 27 Mar 2009        61,440 A.SH. --- "C:\WINDOWS\system32\yeruduki.exe"
Mon 26 Jan 2009        70,818 A.SH. --- "C:\WINDOWS\system32\yezidayo.dll"
Sun 22 Mar 2009       142,336 A.SH. --- "C:\WINDOWS\system32\yznzzh.dll"
---                   142,336 A.SH. --- "C:\WINDOWS\system32\zehigipu.dll"
Fri 20 Feb 2009       108,849 A.SH. --- "C:\WINDOWS\system32\zeraseba.dll"
Thu 12 Feb 2009        73,924 A.SH. --- "C:\WINDOWS\system32\zezosivi.dll"
Sun 22 Feb 2009         2,157 ..SH. --- "C:\WINDOWS\system32\zibibozi.dll"
---                    67,072 A.SH. --- "C:\WINDOWS\system32\zitajalu.dll.tmp"
---                    70,892 A.SH. --- "C:\WINDOWS\system32\zitakihu.dll"
Sun 16 Apr 2006         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 30 Dec 2006             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 12 Feb 2007     3,117,056 A..H. --- "C:\Documents and Settings\Charlotte\Application Data\U3	emp\Launchpad Removal.exe"

[b]Finished![/b]

sKe69 · Answer

Bien ...


on continue .... dans l'orre :


1- Télécharge CCleaner :
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
ou https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre . 
Lors de l'installation: 
-choisis bien "français" en langue . 
-avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 premières. 

Un tuto ( aide ): 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 


---> Utilisation:
*Décocher dans le menu Options - sous-menu Avancé : 
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures .

! déconnecte toi et ferme toutes applications en cours !

* va dans "nettoyeur" : fais -analyse- puis -nettoyage- 
* va dans "registre" : fais -chercher les erreurs- et -réparer toutes les erreurs- 
( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) . 

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )


=============================

2- Télécharge MalwareByte's : 
ici http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
ou ici : http://www.malwarebytes.org/mbam.php
 
* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'instale ) et mets le à jour . 

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )

* Potasse le tuto pour te familiariser avec le prg : 
https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).

! Déconnecte toi et ferme toutes applications en cours ! 

* Lance Malwarebyte's .

Fais un examen dit "Rapide" .

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ). 
--> à la fin tu cliques sur "résultat" . 
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date), 
accompagné d'un nouveau rapport RSIT pour analyse ...

CharlieMusic · Answer

j'ai fait les étapes comme prévu mais ca bugé à l'étape de mise en quarantaine ds le prg malware....je l'ai du cou arrêté et fais un rapport rsit, le voici : 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Charlotte at 2009-04-02 00:17:29
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 11 GB (11%) free of 95 GB
Total RAM: 1022 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:16, on 31/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\BN1.tmp
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\3361\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\mdm32.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\System32eader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\3652853832.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
C:\Documents and Settings\Charlotteeader_s.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Charlotteeader_s.exe
C:\Documents and Settings\Charlotte\Application Data
idle
idle.exe
C:\WINDOWS\system32	dctxte.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\VPro610.exe
C:\WINDOWS\system32\mstd.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\Charlotte.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.13.6:3333
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: C:\WINDOWS\system32
hser43uhjnefr.dll - {C2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32
hser43uhjnefr.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {f3ce92c3-e612-4370-bfbe-d19c0ce2d438} - C:\WINDOWS\system32\siruguhu.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\svchost.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32eader_s.exe
O4 - HKLM\..\Run: [CPMf73825c5] Rundll32.exe "c:\windows\system32\wifokuvi.dll",a
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\svchost.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HardTruckTycoonSetup.exe] C:\DOCUME~1\CHARLO~1\Bureau\HARDTR~1.EXE /r
O4 - HKCU\..\Run: [Tons Corn] C:\DOCUME~1\CHARLO~1\APPLIC~1\MATHCD~1\list proxy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SDF8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\3652853832.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Charlotteeader_s.exe
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Charlotte\Application Data
idle
idle.exe" 61A847B5BBF72813329B38557AFA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [] C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp
9sq5h7g.exe
O4 - HKUS\S-1-5-19\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Charlotteeader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\postit\PsnLite.exe
O4 - Global Startup: VProperty.lnk = C:\WINDOWS\VPro610.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet	ools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} (CDiscountObj Class) - https://order.cdiscount.com/Account/LoginLight.html?referrer=https://clients.cdiscount.com%2Ferror%2F404.aspx%3F404%3Bhttp%3A%2F%2Fclients.cdiscount.com%3A100%2Forder%2Ftechcity%2Factivex%2Fcdiscount.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL (file missing)
O20 - AppInit_DLLs: jat.dll kbiihf.dll C:\WINDOWS\system32\zitakihu.dll xywxoa.dll lsgysp.dll ascjsa.dll fagsaa.dll dtxjyi.dll yznzzh.dll ooytoc.dll c:\windows\system32\fifugiku.dll c:\windows\system32\wifokuvi.dll
O20 - Winlogon Notify: efcYRjIA - efcYRjIA.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wifokuvi.dll
O22 - SharedTaskScheduler: kjm6t5rinmhp8o87t7r6gh - {C2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32
hser43uhjnefr.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wifokuvi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afisicx  Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satelliteaysat_3dsMax2009_32server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: sopidkc  Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: tdctxte  Service (tdctxte) - Unknown owner - C:\WINDOWS\system32	dctxte.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

CharlieMusic · Answer

j'ai réussi à fait malware jusqu'au bout...je l'ai fais 2 fois d'affilé (la premire fois il y avait envirion 160 infections et la deuxième fois 1 seule) voici le rapport malware:
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1904
Windows 5.1.2600 Service Pack 2

02/04/2009 00:44:29
mbam-log-2009-04-02 (00-44-29).txt

Type de recherche: Examen rapide
Eléments examinés: 68607
Temps écoulé: 3 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon	askman (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

CharlieMusic · Answer

et le rsit qui a suivi :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Charlotte at 2009-04-02 00:44:45
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 11 GB (11%) free of 95 GB
Total RAM: 1022 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:40:14, on 02/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mstd.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\VPro610.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\Charlotte.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.13.6:3333
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet	ools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {C2BA40A2-74F3-42BD-F434-2604812C8954} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SDF8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BitComet] "C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [lodohiweti] Rundll32.exe "C:\WINDOWS\system32\soziredo.dll",s (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j90gb547.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\postit\PsnLite.exe
O4 - Global Startup: VProperty.lnk = C:\WINDOWS\VPro610.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Documents and Settings\Charlotte\Mes documents\Torrents\BitComet	ools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} - https://order.cdiscount.com/Account/LoginLight.html?referrer=https://clients.cdiscount.com%2Ferror%2F404.aspx%3F404%3Bhttp%3A%2F%2Fclients.cdiscount.com%3A100%2Forder%2Ftechcity%2Factivex%2Fcdiscount.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - AppInit_DLLs: jat.dll kbiihf.dll  xywxoa.dll lsgysp.dll ascjsa.dll fagsaa.dll dtxjyi.dll yznzzh.dll ooytoc.dll c:\windows\system32\fifugiku.dll    
O20 - Winlogon Notify: efcYRjIA - efcYRjIA.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satelliteaysat_3dsMax2009_32server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

sKe69 · Answer

Re,

la premire fois il y avait envirion 160 infections

-> il me faut le rapport correspondant à ce scan là stp ! .... ^^


Puis fais ce qui suit dans l'ordre :



1- Refait un coup de CCleaner ( registre compris )


==================================


2- Télécharge ComboFix (par sUBs) sur ton Bureau (et pas ailleurs !): 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 


--------------------------------- [ ! ATTENTION ! ] ------------------------------------------
!! Déconnecte toi,ferme tes applications en cours ( ainsi que ton navigateur ) et DESACTIVE TOUTES TES DEFENSES (anti-virus, guarde anti spy-ware, pare-feu) le temps de la manipe : 
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après  !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note : pour XP, bien installer la Console de Récupération de Windows comme il est indiqué dans le tuto ci-dessus ...
--------------------------------------------------------------------------------------------


Ensuite :
double-clique sur l'icône "combofix.exe" pour lancer l'outil . 

Appuie sur la touche Y (Yes) pour démarrer le scan . 

Notes importantes : 
-> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
-> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisse le faire .
-> Si l'outil t'anonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarer votre machine", tu acceptes ...
-> si un message d'erreur windows apparait à un momment  : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... ) 

Le rapport sera crée ici : C:\Combofix.txt 

Réactive bien tes défenses .

 
Poste le rapport Combofix pour analyse et attends la suite ...

CharlieMusic · Answer

voila le rapport des 166 erreurs...je continue le reste :)
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1904
Windows 5.1.2600 Service Pack 2

02/04/2009 00:34:48
mbam-log-2009-04-02 (00-34-48).txt

Type de recherche: Examen rapide
Eléments examinés: 70405
Temps écoulé: 5 minute(s), 40 second(s)

Processus mémoire infecté(s): 7
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 47
Valeur(s) du Registre infectée(s): 15
Elément(s) de données du Registre infecté(s): 12
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 166

Processus mémoire infecté(s):
C:\Documents and Settings\Charlotte\Application Data
idle
idle.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32eader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Charlotteeader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32	pszxyd.sys (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32	dctxte.exe (Backdoor.Bot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\magagovi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zitakihu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\siruguhu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\soziredo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kofidutu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kbiihf.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\wifokuvi.dll (Trojan.BHO) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3ce92c3-e612-4370-bfbe-d19c0ce2d438} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f3ce92c3-e612-4370-bfbe-d19c0ce2d438} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2ba40a2-74f3-42bd-f434-2604812c8954} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f3ce92c3-e612-4370-bfbe-d19c0ce2d438} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{92efcd14-3d4e-416d-a100-37d8804861f6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{92efcd14-3d4e-416d-a100-37d8804861f6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12f879aa-5626-47e2-beec-c155d44b719d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12f879aa-5626-47e2-beec-c155d44b719d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servicesestore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA (Adware.TargetSaver) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services	dctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services	dctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services	dctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\softyinforwow1 (Trojan.PWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OKME\softyinforwow1 (Trojan.PWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f40b1659 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lodohiweti (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf73825c5 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c2ba40a2-74f3-42bd-f434-2604812c8954} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
idle (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runeader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runeader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runeader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon	askman (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zitakihu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\zitakihu.dll  -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zitakihu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kofidutu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kofidutu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\wifokuvi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\wifokuvi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32
nnljkhy  -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Application Data
idle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\bapduhlo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olhudpab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\beziseno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onesizeb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkwossmh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hmssowkb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blqssabn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
bassqlb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbslubxk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kxbulsbd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fupipivo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovipipuf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\glflauix.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xiualflg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iiprkqcn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
cqkrpii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikgknbir.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32ibnkgki.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jliyocpk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kpcoyilj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lwmmofbx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xbfommwl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\magagovi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ivogagam.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivogagam.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mpprxfyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oyfxrppm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
afojgcp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pcgjofan.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
okkyjeo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oejykkon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spkysqoi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ioqsykps.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiwejive.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evijewiw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soziredo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kofidutu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\siruguhu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32
hser43uhjnefr.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\zitakihu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kbiihf.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\WWShow\WWShow.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wifokuvi.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32
baalltk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aiwebt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aoxwmxqe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fbfslgxe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dqgtfr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drwhfqly.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipxiwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\josoguyi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juqnzx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kavumefe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lejorude.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otbjrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phiaij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pisuvedi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pohudodi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwbxymfi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qifbvixn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\siurvcsd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	orajigu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxeulfvl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\goputomo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\begimepo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cusncl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\derinade.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dotipiwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dowileyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\duweweba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eflsrv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hamufw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieglnh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijodtkhy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\munokesu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sqilcmfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	suninst.exe (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ehkashiy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itpymj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshlbs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cncgnoou.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
nnljkHy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
ohisoye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
oweripe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32ufupiba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32upetapa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sagbejsa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sbsutt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blqfjbpi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buyaneju.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bzvyxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmyafadt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frwrjfge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wapifiwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hivezuto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hovogove.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
adusifa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
avifaya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32igiwoti.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32kpzxi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wezewugi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wgneig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiyirive.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luopmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lutovute.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luyenofe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxbhmiuy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\payezavu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pejokehe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wyecofty.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wulubuvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eqzpmz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jaidnwjr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jazejumi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jdtwlhdg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjnkhiqc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ksejnnja.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yasijote.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zehigipu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zeraseba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zezosivi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zitajalu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uuayib.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ucpbdsyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugtquj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Application Data
idle
idle.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Application Data
idle
idle.exe1vi (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Application Data
idle
idle.exe9m8 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32eader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotteeader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Application Data\Twain\Twain.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	pszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32uludoji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXnKApn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXQijJY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkhefG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlKBuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnolIYR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\foyorere.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	igefeki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuranune.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wudifobu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dejufedu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fifugiku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCrSkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGayabA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJAqqpN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vivuyayo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dahovibo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDuUkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfGywuU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\Local Settings\Temp\4088860496.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32	dctxte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meyeyihi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\services.ex_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

sKe69 · Answer

Et bien .... vu tout ce qui a été supprimé , et tout ce qui reste encore ... ^^"


j'attends donc la suite ....

CharlieMusic · Answer

avant de faire ces manip tu m'as dit de bien télécharger la console de récuparation pr ma version d'xp mais le truc c'est qu'ils disent qu'une fois installée sur le bureau faut que je la fasse glisser sur le logo combo fix mais ca marche pas...ca fait rien comme manip... :s
j'ai rien à désactiver comme défense vu que j'ai désinstaller nod32? d'ailleurs je n'ai pas l'install donc après tout ce "nettoyage" il faudra que je me débrouille à retrouver un antivirus...enfin chaque chose en son temps ^^

CharlieMusic · Answer

qd je lance combofix il me met un mess d'erruer "erreur de nom CFScript" ... ? :s

sKe69 · Answer

re,


supprime ton Combofix ... puit reprends ainsi :


Télécharge ComboFix (par sUBs) sur ton Bureau (et pas ailleurs !): 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clique droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape CFix et valide . 

- le renommage au téléchargement est primordial pour contrer l'infection, sinon l'outil sera inutilisable - 


--------------------------------- [ ! ATTENTION ! ] ------------------------------------------
!! Déconnecte toi,ferme tes applications en cours ( ainsi que ton navigateur ) et DESACTIVE TOUTES TES DEFENSES (anti-virus, guarde anti spy-ware, pare-feu) le temps de la manipe : 
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après  !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note : pour XP, bien installer la Console de Récupération de Windows comme il est indiqué dans le tuto ci-dessus ...
--------------------------------------------------------------------------------------------


Ensuite :
double-clique sur "CFix.exe" ( = combofix.exe ) pour lancer l'outil . 

Appuie sur la touche Y (Yes) pour démarrer le scan . 

Notes importantes : 
-> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
-> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisse le faire .
-> Si l'outil t'annonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarrer votre machine", tu acceptes ...
-> si un message d'erreur windows apparait à un moment  : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... ) 

Le rapport sera crée ici: C:\Combofix.txt 

Réactive bien tes défenses

 
Poste le rapport Combofix pour analyse ...

CharlieMusic · Answer

j'ai fait exactement ce que tu m'as dit avec combofix en le renommant...la première fois il m'ont mis le même mess d'erreur que tt à l'heure et j'ai réessayé et la seconde fois ils m'ont dit qu'il était impossible de renommer combofix en CFix mais qu'il fallait le renommer en caractères alphanumériques.... :s

sKe69 · Answer

re,


renomme le en azerty pour voire ....

CharlieMusic · Answer

pareil...ils me mettent que le nom est mal écrit... pourtant g bien fait "enregistrer la cible sous....enregistrement sur le bureau...azerty ou CFix ...ca marche pas ... :(

sKe69 · Answer

Salut,


j'ai bien peur qu'on est à faire à pire que Virtumonde ....


1- refais scan rapide avec Malwrabytes , suppprimes tout et poste le nouveau rapport obtenu ...


====================

2- Fais cette manipe avec AVPTool comme indiqué dans cette astuce :
http://www.commentcamarche.net/faq/sujet 16138 comment supprimer virut#deuxieme methode avptool


Poste le rapport obtenu stp ....

CharlieMusic · Answer

re :) ce cou ci je suis là tt l'aprem dc suis opérationnelle :) voici le rapport malware :
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1904
Windows 5.1.2600 Service Pack 2

03/04/2009 14:22:00
mbam-log-2009-04-03 (14-22-00).txt

Type de recherche: Examen rapide
Eléments examinés: 68970
Temps écoulé: 3 minute(s), 55 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
C:\Documents and Settings\Charlotteeader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servicesestore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\defaultlib (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runeader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runeader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runeader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon	askman (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32eader_s.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\8B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\8C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\8D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\8E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotteeader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\31.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.

sKe69 · Answer

Bien ... 

la suite maintenant ....

CharlieMusic · Answer

Je suis à la moitié du scan avtool dejà 620 occurences de virus et s'en est encore qu'à la motié!

sKe69 · Answer

620 occurences de virus 


Aïh ! ..... le nom du virus qui revient le plus souvant , Virut ?

sKe69 · Answer

re,


l'ordi est voué au formatage .... tu n'as pas répondu à ma question > le nom du virus est bien Virut ?

sKe69 · Answer

re,


99 % de chance d'arriver au formatage ! .... On va éviter de perdre du temps tous les deux ... ^^


Virut est une vrai saloperie qui infecte tout fichier en .exe , mais aussi d'autres ... ainsi que les fichiers systémes ... une vrai plaie à désinfecter : il suffit d'oublier 1 fichier et l'infection repart ! ... et comme il infecte aussi les fichiers système , le PC va de plus en plus mal jusqu'à plantage complet sans possibiliter de faire quoi que ce soit ....


* donc avant tout , faire des sauvegrdes des tes données personnelles ... 

Mais attention !!! 
> ne sauvegarde aucun fichiers en .exe , .scr , archive ( .zip , .rar , ... ) , .html et .htm ! ... car Virut les infecte aussi ...


la sauvegarde des données personnels ( photos , musics , document txt , ect ... ) , fait la sur support CD / DVD et surtout pas sur des supports externes comme des DD externes ou clé USB ! 
> car Virut a surement du infecté des fichiers si ceux-ci était branchés sur le PC ... Il va valoir aussi formater ces support amovibles ! Fait le de-suite ! 
-Formater clé USB > http://www.commentcamarche.net/faq/sujet 2932 formater une cle usb
-Formater une carte mémoire flash > http://www.commentcamarche.net/faq/sujet 2895 formater une carte memoire flash
-Formater un DD externe > https://www.linternaute.fr/hightech/guide-high-tech/1413196-comment-formater-son-disque-dur-externe/


Une fois ceci fait , voilà ce que tu vas faire > 


une fois le PC formaté , et le systéme réinstaller , cela devrai allez beaucoup mieux ... ;o)




tiens moi au courant ...


bonne chance ...

++

Virus Virtumonde.Neo besoin d'aide

47 réponses

Votre réponse

Discussions similaires

Newsletters