[ Virus ] Asiafriends + DriveCleaner + Amea..
Closed
pellos34 (Member) - 8 Jul 2007 at 00:29
Last reply by papyber (Security contributor) - 8 Jul 2007 at 22:37
12 replies
papyber (Security contributor) - 8 Jul 2007 at 00:31
Download GenProc by Jean-Chretien1 and Narco4 to your desktop
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
Unzip the folder, double-click GenProc.bat and post the contents of the report that opens.
Help with pictures: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
Post the reports, because sometimes extra instructions have to be added to the procedure for it to work perfectly.
pellos34 (Member) - 8 Jul 2007 at 00:34
Hello, quick reply... thanks.
So here is the GenProc.bat report:
Hello everyone...
So here goes: after lots of searching on the net to get rid of these impossible pop-up windows, I have to ask for help... I've already got a head start by scanning with HIJACKTHIS. If someone can help me, because I'm going crazy here... I've tried to follow the advice from plenty of forums and nothing changes; I think it's case by case. So there it is, a thousand thanks to anyone who can help me.
My PC is a disaster now, slow, infested etc. despite all my anti-adware, anti-trojan, anti-spyware, etc. etc. etc. I don't know what to get any more to be protected as well as possible, in the end...
Here's the info...
Logfile of HijackThis v1.99.1
Scan saved at 00:13:50, on 08.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Hello\LOCALS~1\Temp\Rar$EX01.906\scanner.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - (no file)
O2 - BHO: (no name) - {2520BA45-3D97-4864-82FF-F47F951727BA} - (no file)
O2 - BHO: (no name) - {39A8FC1F-3355-4BE9-A944-A52CC797BCC1} - C:\WINDOWS\system32\ddcyv.dll
O2 - BHO: (no name) - {3E47FD02-6D63-4CEE-8BE0-1C08DBC3F0E5} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FF282E8B-6F48-4034-BC42-7CA0CEE34E99} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {201E647F-2B89-4A8E-AA8A-2E2B470F6D8A} (FotolaboClubUploader Control) - http://web1.fotolaboclub.ch/webupload/ActiveX/FotolaboClubUploader.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/acti(...)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\mkvpxlia.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
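Added example (not from the thread, HijackThis or GenProc): a small Python triage of the O2 (BHO), O20 (Winlogon Notify) and O23 (Service) lines of a HijackThis log like the one above. It flags what a helper reads off such a log: orphaned registrations, a non-stock Winlogon Notify DLL, a vendor-less service with a missing image, and one DLL registered both as a BHO and as a Winlogon Notify handler, the pairing that makes the GenProc report above prescribe VundoFix. The sample lines are a constructed subset of the posted log, and the allowlist of stock Winlogon Notify packages is an assumption for illustration.

```python
"""Triage of the O2, O20 and O23 entries of a HijackThis log."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - (no file)
O2 - BHO: (no name) - {39A8FC1F-3355-4BE9-A944-A52CC797BCC1} - C:\WINDOWS\system32\ddcyv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\mkvpxlia.exe (file missing)
"""

# Winlogon Notify packages of a stock Windows XP SP2, plus WgaLogon from Windows
# Genuine Advantage. Assumed allowlist for illustration, not an exhaustive list.
STOCK_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

LINE_RE = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}


@dataclass(frozen=True)
class Entry:
    kind: str        # "O2", "O20" or "O23"
    name: str        # BHO name, Winlogon Notify package, or service name
    path: str        # raw path field as HijackThis prints it
    owner: str = ""  # O23 only

    @property
    def missing(self) -> bool:
        p = self.path.lower()
        return p == "(no file)" or "(file missing)" in p

    @property
    def dll(self) -> str:
        """Lower-case image basename; '' when no image name can be recovered."""
        if self.path.lower() == "(no file)":
            return ""
        p = self.path.replace("(file missing)", "").strip().strip('"')
        p = p.split('"')[0]  # drop ' /service'-style arguments after a closing quote
        return p.rsplit("\\", 1)[-1].lower()


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    entry: Entry


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the O2/O20/O23 lines; every other HijackThis section is ignored."""
    entries = []
    for line in text.splitlines():
        for kind, rx in LINE_RE.items():
            m = rx.match(line.strip())
            if m:
                g = m.groupdict()
                entries.append(Entry(kind, g["name"], g["path"], g.get("owner", "")))
                break
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    # Which sections each image basename shows up in, for cross-referencing.
    sections: dict[str, set[str]] = defaultdict(set)
    for e in entries:
        if e.dll:
            sections[e.dll].add(e.kind)

    findings = []
    for e in entries:
        if e.kind == "O2":
            if e.dll and {"O2", "O20"} <= sections[e.dll]:
                findings.append(Finding("high", "same DLL registered as a BHO and as a Winlogon "
                                        "Notify handler (Vundo/Virtumonde persistence pair)", e))
            elif e.missing:
                findings.append(Finding("low", "orphaned BHO: CLSID registered, no file on disk", e))
            elif e.name == "(no name)" and "\\system32\\" in e.path.lower():
                findings.append(Finding("medium", "unnamed BHO loading from system32", e))
        elif e.kind == "O20":
            if e.name.lower() in STOCK_NOTIFY:
                continue  # standard Windows package
            if e.missing or not e.dll:
                findings.append(Finding("medium", "dangling Winlogon Notify registration", e))
            else:
                findings.append(Finding("high", "non-stock Winlogon Notify DLL: loaded by "
                                        "winlogon.exe before any user session starts", e))
        elif e.kind == "O23" and e.owner == "Unknown owner" and e.missing:
            findings.append(Finding("medium", "service with no vendor and a missing image", e))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(parse_hjt(SAMPLE_LOG)), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.entry.kind:3} {f.entry.name}: {f.reason}")
```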
pellos34 (Member) - 8 Jul 2007 at 00:36
Oops, I made a mistake, sorry..
GenProc 0.58 [2] report produced on 08.07.2007 at 0:36:08.03 - SystemRoot = C:\WINDOWS
# Step 1/ Download:
- VundoFix.exe (by Atribune) http://www.atribune.org/ccount/click.php?id=4 to your Desktop
- combofix.exe (by sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
***** Copy what follows into a text file and reboot into safe mode as described here https://docs.microsoft.com/en-us/?mfr=true (choose your current session "Hello") *****
# Step 2/
* Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan has completed, click the "Remove Vundo" button
A prompt will ask whether you want to delete the files; click YES
After clicking Yes, the Desktop will disappear for a moment while the files are deleted
You will see a prompt telling you that your PC is going to reboot; click OK
Note: VundoFix may run into a file it cannot delete. If so, the tool will run again at the next reboot; simply follow the instructions above, starting from "click the Scan for Vundo button"
* Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
When the scan has completed, a report will appear
# Step 3/
Run CCleaner: "Cleaner"/"Run Cleaner" and that's all.
# Step 4/
Reboot normally and post:
- A new HijackThis report, with all windows and applications closed http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe ;
- The contents of the report located in C:\vundofix.txt ;
- The contents of the report located in C:\Combofix.txt ;
State the difficulties you had (what you could not do...) as well as how the situation has evolved.
pellos34 (Member) - 8 Jul 2007 at 00:39
Do I have to do what is written in the GenProc report?
papyber (Security contributor) - 8 Jul 2007 at 01:04
Yes, follow GenProc's instructions and post the reports you get.
pellos34 (Member) - 8 Jul 2007 at 01:27
OK, thanks...
So here are the reports, namely:
HijackThis
VundoFix
ComboFix
ComboFix quarantine
Logfile of HijackThis v1.99.1
Scan saved at 01:21:15, on 08.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Hello\LOCALS~1\Temp\Rar$EX00.812\scanner.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2520BA45-3D97-4864-82FF-F47F951727BA} - (no file)
O2 - BHO: (no name) - {3E47FD02-6D63-4CEE-8BE0-1C08DBC3F0E5} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D7B01EE0-83B9-4F62-BFE0-3C119027F55A} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: (no name) - {FF282E8B-6F48-4034-BC42-7CA0CEE34E99} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {201E647F-2B89-4A8E-AA8A-2E2B470F6D8A} (FotolaboClubUploader Control) - http://web1.fotolaboclub.ch/webupload/ActiveX/FotolaboClubUploader.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Then...
VundoFix V6.5.4
Checking Java version...
Scan started at 00:52:52 08.07.2007
Listing files found while scanning....
C:\windows\system32\ddcyv.dll
C:\WINDOWS\system32\qkrohbgp.dll
C:\WINDOWS\system32\qqbexdrq.dll
C:\WINDOWS\system32\qtwvjypw.dll
C:\windows\system32\qvdwxquu.dll
C:\WINDOWS\system32\tadvywtt.dll
C:\windows\system32\uuqxwdvq.ini
C:\WINDOWS\system32\vycdd.bak1
C:\windows\system32\vycdd.bak2
C:\windows\system32\vycdd.ini
VundoFix V6.5.4
Checking Java version...
Scan started at 01:01:46 08.07.2007
Listing files found while scanning....
C:\windows\system32\ddcyv.dll
C:\WINDOWS\system32\qkrohbgp.dll
C:\WINDOWS\system32\qqbexdrq.dll
C:\WINDOWS\system32\qtwvjypw.dll
C:\windows\system32\qvdwxquu.dll
C:\WINDOWS\system32\tadvywtt.dll
C:\windows\system32\uuqxwdvq.ini
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.ini
C:\windows\system32\vycdd.tmp
Beginning removal...
Attempting to delete C:\windows\system32\ddcyv.dll
C:\windows\system32\ddcyv.dll Could not be deleted.
Attempting to delete C:\windows\system32\qvdwxquu.dll
C:\windows\system32\qvdwxquu.dll Has been deleted!
Attempting to delete C:\windows\system32\uuqxwdvq.ini
C:\windows\system32\uuqxwdvq.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\ddcyv.dll
C:\windows\system32\ddcyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
Then...
"Hello" - 2007-07-08 1:07:52 - ComboFix 07-07-07.3 - Service Pack 2
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Hello\APPLIC~1.\macromedia\Flash Player\#SharedObjects\6U7QRBYN\www.broadcaster.com
C:\DOCUME~1\Hello\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Hello\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NWSAPAGENT
-------\DomainService
-------\nm
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))
2007-07-08 01:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 00:52 <REP> d----c--- C:\VundoFix Backups
2007-07-07 23:48 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-07 23:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-07 23:48 2,202 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-07 23:33 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-07 23:32 <REP> d-------- C:\Program Files\Navilog1
2007-07-07 23:30 <REP> d-------- C:\Program Files\RogueRemover
2007-07-07 02:15 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-06-20 20:32 <REP> d-------- C:\WINDOWS\avxoscan
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-09 11:22:29 -------- d-----w C:\Program Files\Common Files
2007-06-03 16:25:37 -------- d-----w C:\Program Files\DAEMON Tools
2007-06-03 16:22:39 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-24 12:57:07 -------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-05-24 12:37:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-24 12:30:40 -------- d-----w C:\Program Files\Logitech
2007-05-22 16:22:10 -------- d-----w C:\DOCUME~1\Hello\APPLIC~1\OfficeUpdate12
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 20:03:01 -------- d-----w C:\Program Files\VSTax 2006
2007-05-13 15:17:53 593,656 ------w C:\WINDOWS\system32\xbeeg.bak2
2007-05-11 19:54:05 593,600 ------w C:\WINDOWS\system32\xbeeg.bak1
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 15:51:51 558,726 ------w C:\WINDOWS\system32\srqss.bak2
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 13:42:24 478,596 ------w C:\WINDOWS\system32\srqss.bak1
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-11 09:04:16 524,288 ----a-w C:\WINDOWS\opuc.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2005-09-24 06:12 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2520BA45-3D97-4864-82FF-F47F951727BA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E47FD02-6D63-4CEE-8BE0-1C08DBC3F0E5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7B01EE0-83B9-4F62-BFE0-3C119027F55A}]
C:\WINDOWS\system32\ddcyv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF282E8B-6F48-4034-BC42-7CA0CEE34E99}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:05]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-06 00:11]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-09-13 18:55]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2005-10-27 19:44]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-23 08:58]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ldr64]
ldr64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Barre d'état système d'ATI CATALYST.lnk]
backup=C:\WINDOWS\pss\Barre d'état système d'ATI CATALYST.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
rundll32.exe "C:\WINDOWS\system32\gxxfvrlf.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j8271738]
rundll32 C:\WINDOWS\system32\j8271738.dll sook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
"C:\Program Files\RFA\rfagent.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6847e566-366e-11db-ba96-001109c068fa}]
AutoRun\command- H:\setupSNK.exe
Contents of the 'Scheduled Tasks' folder
2005-12-26 09:25:23 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1126859058.job
2007-07-06 15:50:16 C:\WINDOWS\tasks\Maintenance en 1 clic.job
2007-07-07 23:10:12 C:\WINDOWS\tasks\MP Scheduled Scan.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 01:12:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-08 1:14:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-08 01:14
--- E O F ---
Then... (I don't know if it's needed, but I'm including it anyway)
ComboFix quarantine
[code]
2007-03-01 11:51 89 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Hello\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-07-08 01:10 1060 --a--c--- C:\Qoobox\Quarantine\Registry_backups\LEGACY_NWSAPAGENT.reg.cf
2007-07-08 01:10 2956 --a--c--- C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
2007-07-08 01:10 352 --a--c--- C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
2007-07-08 01:10 3634 --a--c--- C:\Qoobox\Quarantine\Registry_backups\services_NwSapAgent.reg.cf
2007-07-08 01:10 846 --a--c--- C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
Structure du dossier
Le numéro de série du volume est 0C7E-DF04
C:\QOOBOX
\---Quarantine
    +---C
    |   \---DOCUME~1
    |       \---Hello
    |           \---APPLIC~1
    |               \---Macromedia
    |                   \---Flash Player
    |                       \---macromedia.com
    |                           \---support
    |                               \---flashplayer
    |                                   \---sys
    |                                       \---#www.broadcaster.com
    |                                               settings.sol.vir
    |
    \---Registry_backups
            LEGACY_DOMAINSERVICE.reg.cf
            LEGACY_NWSAPAGENT.reg.cf
            services_DomainService.reg.cf
            services_nm.reg.cf
            services_NwSapAgent.reg.cf
[/code]
So here are the reports:
Namely
HijackThis
VundoFix
ComboFix
ComboFix quarantine
Logfile of HijackThis v1.99.1
Scan saved at 01:21:15, on 08.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Hello\LOCALS~1\Temp\Rar$EX00.812\scanner.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2520BA45-3D97-4864-82FF-F47F951727BA} - (no file)
O2 - BHO: (no name) - {3E47FD02-6D63-4CEE-8BE0-1C08DBC3F0E5} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D7B01EE0-83B9-4F62-BFE0-3C119027F55A} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: (no name) - {FF282E8B-6F48-4034-BC42-7CA0CEE34E99} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {201E647F-2B89-4A8E-AA8A-2E2B470F6D8A} (FotolaboClubUploader Control) - http://web1.fotolaboclub.ch/webupload/ActiveX/FotolaboClubUploader.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Puis...
VundoFix V6.5.4
Checking Java version...
Scan started at 00:52:52 08.07.2007
Listing files found while scanning....
C:\windows\system32\ddcyv.dll
C:\WINDOWS\system32\qkrohbgp.dll
C:\WINDOWS\system32\qqbexdrq.dll
C:\WINDOWS\system32\qtwvjypw.dll
C:\windows\system32\qvdwxquu.dll
C:\WINDOWS\system32\tadvywtt.dll
C:\windows\system32\uuqxwdvq.ini
C:\WINDOWS\system32\vycdd.bak1
C:\windows\system32\vycdd.bak2
C:\windows\system32\vycdd.ini
VundoFix V6.5.4
Checking Java version...
Scan started at 01:01:46 08.07.2007
Listing files found while scanning....
C:\windows\system32\ddcyv.dll
C:\WINDOWS\system32\qkrohbgp.dll
C:\WINDOWS\system32\qqbexdrq.dll
C:\WINDOWS\system32\qtwvjypw.dll
C:\windows\system32\qvdwxquu.dll
C:\WINDOWS\system32\tadvywtt.dll
C:\windows\system32\uuqxwdvq.ini
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.ini
C:\windows\system32\vycdd.tmp
Beginning removal...
Attempting to delete C:\windows\system32\ddcyv.dll
C:\windows\system32\ddcyv.dll Could not be deleted.
Attempting to delete C:\windows\system32\qvdwxquu.dll
C:\windows\system32\qvdwxquu.dll Has been deleted!
Attempting to delete C:\windows\system32\uuqxwdvq.ini
C:\windows\system32\uuqxwdvq.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\ddcyv.dll
C:\windows\system32\ddcyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
Puis...
"Hello" - 2007-07-08 1:07:52 - ComboFix 07-07-07.3 - Service Pack 2
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Hello\APPLIC~1.\macromedia\Flash Player\#SharedObjects\6U7QRBYN\www.broadcaster.com
C:\DOCUME~1\Hello\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Hello\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NWSAPAGENT
-------\DomainService
-------\nm
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))
2007-07-08 01:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 00:52 <REP> d----c--- C:\VundoFix Backups
2007-07-07 23:48 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-07 23:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-07 23:48 2,202 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-07 23:33 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-07 23:32 <REP> d-------- C:\Program Files\Navilog1
2007-07-07 23:30 <REP> d-------- C:\Program Files\RogueRemover
2007-07-07 02:15 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-06-20 20:32 <REP> d-------- C:\WINDOWS\avxoscan
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-09 11:22:29 -------- d-----w C:\Program Files\Common Files
2007-06-03 16:25:37 -------- d-----w C:\Program Files\DAEMON Tools
2007-06-03 16:22:39 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-24 12:57:07 -------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-05-24 12:37:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-24 12:30:40 -------- d-----w C:\Program Files\Logitech
2007-05-22 16:22:10 -------- d-----w C:\DOCUME~1\Hello\APPLIC~1\OfficeUpdate12
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 20:03:01 -------- d-----w C:\Program Files\VSTax 2006
2007-05-13 15:17:53 593,656 ------w C:\WINDOWS\system32\xbeeg.bak2
2007-05-11 19:54:05 593,600 ------w C:\WINDOWS\system32\xbeeg.bak1
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 15:51:51 558,726 ------w C:\WINDOWS\system32\srqss.bak2
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 13:42:24 478,596 ------w C:\WINDOWS\system32\srqss.bak1
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-11 09:04:16 524,288 ----a-w C:\WINDOWS\opuc.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2005-09-24 06:12 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2520BA45-3D97-4864-82FF-F47F951727BA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E47FD02-6D63-4CEE-8BE0-1C08DBC3F0E5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7B01EE0-83B9-4F62-BFE0-3C119027F55A}]
C:\WINDOWS\system32\ddcyv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF282E8B-6F48-4034-BC42-7CA0CEE34E99}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:05]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-06 00:11]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-09-13 18:55]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2005-10-27 19:44]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-23 08:58]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ldr64]
ldr64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Barre d'état système d'ATI CATALYST.lnk]
backup=C:\WINDOWS\pss\Barre d'état système d'ATI CATALYST.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
rundll32.exe "C:\WINDOWS\system32\gxxfvrlf.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j8271738]
rundll32 C:\WINDOWS\system32\j8271738.dll sook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
"C:\Program Files\RFA\rfagent.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6847e566-366e-11db-ba96-001109c068fa}]
AutoRun\command- H:\setupSNK.exe
Contents of the 'Scheduled Tasks' folder
2005-12-26 09:25:23 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1126859058.job
2007-07-06 15:50:16 C:\WINDOWS\tasks\Maintenance en 1 clic.job
2007-07-07 23:10:12 C:\WINDOWS\tasks\MP Scheduled Scan.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 01:12:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-08 1:14:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-08 01:14
--- E O F ---
Then... (I don't know if it's needed, but I'm posting it anyway)
ComboFix quarantine
[code]
2007-03-01 11:51 89 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Hello\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-07-08 01:10 1060 --a--c--- C:\Qoobox\Quarantine\Registry_backups\LEGACY_NWSAPAGENT.reg.cf
2007-07-08 01:10 2956 --a--c--- C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
2007-07-08 01:10 352 --a--c--- C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
2007-07-08 01:10 3634 --a--c--- C:\Qoobox\Quarantine\Registry_backups\services_NwSapAgent.reg.cf
2007-07-08 01:10 846 --a--c--- C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
Structure du dossier
Le numéro de série du volume est 0C7E-DF04
C:\QOOBOX
\---Quarantine
+---C
| \---DOCUME~1
| \---Hello
| \---APPLIC~1
| \---Macromedia
| \---Flash Player
| \---macromedia.com
| \---support
| \---flashplayer
| \---sys
| \---#www.broadcaster.com
| settings.sol.vir
|
\---Registry_backups
LEGACY_DOMAINSERVICE.reg.cf
LEGACY_NWSAPAGENT.reg.cf
services_DomainService.reg.cf
services_nm.reg.cf
services_NwSapAgent.reg.cf
[/code]
pellos34 - 8 Jul. 2007 at 01:46
Is it still there or not?
papyber (security contributor) - 8 Jul. 2007 at 02:01
Run HijackThis for a scan and tick the following lines:
O2 - BHO: (no name) - {2520BA45-3D97-4864-82FF-F47F951727BA} - (no file)
O2 - BHO: (no name) - {3E47FD02-6D63-4CEE-8BE0-1C08DBC3F0E5} - (no file)
O2 - BHO: (no name) - {D7B01EE0-83B9-4F62-BFE0-3C119027F55A} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: (no name) - {FF282E8B-6F48-4034-BC42-7CA0CEE34E99} - (no file)
O16 - DPF: {201E647F-2B89-4A8E-AA8A-2E2B470F6D8A} (FotolaboClubUploader Control) - http://web1.fotolaboclub.ch/webupload/ActiveX/FotolaboClubUploader.cab
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
Close all your windows, including the browser, and click "Fix checked".
/ Download AVG Anti-Spyware
https://www.avg.com/en-ww/free-antivirus-download
How to use it:
Launch AVG Anti-Spyware and update it.
Click the "Scanner" button, then the "Settings" tab.
Then, under "How to act", click "Recommended actions" and select "Quarantine".
Go back to the "Scanner" tab.
Click "Complete System Scan".
At the end of the scan, choose "Apply all actions".
Click "Save report". The text file is in the Reports folder inside the AVG Anti-Spyware folder.
/ Download CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
("Download Latest Version", on the right).
This program removes all temporary files. Before clicking the "Install" button, untick all the "additional options". Then click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folder older than 48 hours". After that, leave it with its default settings. That's all.
/ Run CCleaner, "Cleaner", and delete everything it finds.
/ Run AVG Anti-Spyware, delete everything it finds and post its report.
Do an online antivirus scan with Internet Explorer and accept the ActiveX control,
then post the report here:
https://www.bitdefender.fr/
At the bottom left of the window, click BitDefender SCAN ONLINE.
In the new window, click "I agree".
The window changes again; click "Click here to scan".
The signatures load, etc.
Illustrated tutorial:
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
pellos34 - 8 Jul. 2007 at 18:32
Here are the latest reports:
Grrr, never-ending, it's horrible, but as long as we can find the flaw... that's the main thing.
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 03:11:37 08.07.2007
+ Résultat de l'analyse:
HKU\S-1-5-21-1454471165-1993962763-725345543-1004\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP832\A0181118.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186976.exe -> Downloader.Tiny.id : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186972.exe -> Hijacker.Small.mw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186973.dll -> Hijacker.Small.mw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Hello\Cookies\hello@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Hello\Cookies\hello@search.live[3].txt -> TrackingCookie.Live : Nettoyé.
C:\Documents and Settings\Hello\Cookies\hello@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Hello\Cookies\hello@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP854\A0186963.exe -> Trojan.Agent.anr : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186975.exe -> Trojan.Agent.anr : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186981.exe -> Trojan.Agent.anr : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
and
BitDefender Online Scanner - Real Time Virus Report
Generated at: Sun, Jul 08, 2007 - 18:22:40
--------------------------------------------------------------------------------
Scan Info
Scanned Files: 335196
Infected Files: 15
Virus Detected (name, count):
Trojan.BHO.BP: 1
Trojan.Virtumod.ALZ: 1
MemScan:Trojan.BHO.BM: 1
GenPack:Trojan.Vundo.DLZ: 1
Trojan.Downloader.Nurech.BS: 8
Trojan.Vundo.DLV: 1
Trojan.Spy.BZub.AN: 1
DeepScan:Generic.Virtumonde2.ge.3B1D42DE: 1
papyber (security contributor) - 8 Jul. 2007 at 18:36
The full BitDefender report is here:
C:\windows\bdoscan8\scanres.txt
Post it to me please, I need to know the location of the infected files.
pellos34 - 8 Jul. 2007 at 19:07
There is no scanres.txt in bdoscan8... there is a scanres.html, but nothing is noted in it. There is only one text file, this one... bdoscan.txt
[General]
App = "BitDefender Online Scanner v8"
Date = 08:07:2007
Time = 17:55:55
Scan Path = A:\;C:\;D:\;E:\;F:\;G:\;
[Engines Info]
Virus Definitions = 637642
Engine build = "AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)"
Scan plugins = 14
Archive plugins = 38
Unpack plugins = 6
E-mail plugins = 6
System plugins = 1
[Scan Statistics]
Folders = 7861
Files = 327171
Archives = 4304
Packed files = 21364
Identified viruses = 8
Infected files = 15
Warnings = 0
Suspect files = 0
Disinfected files = 0
Deleted files = 15
Copied files = 0
Moved files = 0
Renamed files = 0
I/O Errors = 50
[Scan Settings]
SecondAction = Delete
FirstAction = Disinfect
Heuristics = 1
Enable Warnings = 1
Exclude Ext =
Extensions = *;
Scan Emails = 1
Scan Archives = 1
Scan Packed = 1
Scan Files = 1
Scan Boot = 1
Verify Memory = 0
[Scan Results]
Line00000052 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\Rechnung.zip=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000051 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\Rechnung.zip=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Disinfection failed"
Line00000050 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\Rechnung.zip=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000049 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\Rechnung.zip Update failed"
Line00000048 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{06F59833-B66A-48AA-9E2B-64706BD35506}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000047 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{06F59833-B66A-48AA-9E2B-64706BD35506}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Disinfection failed"
Line00000046 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{06F59833-B66A-48AA-9E2B-64706BD35506}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000045 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{06F59833-B66A-48AA-9E2B-64706BD35506}\RECHNUNG.ZIP Update failed"
Line00000044 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{228DF8A8-3E79-4867-A8E2-3E34A76EB2CD}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000043 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{228DF8A8-3E79-4867-A8E2-3E34A76EB2CD}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Disinfection failed"
Line00000042 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{228DF8A8-3E79-4867-A8E2-3E34A76EB2CD}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000041 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{228DF8A8-3E79-4867-A8E2-3E34A76EB2CD}\RECHNUNG.ZIP Update failed"
Line00000040 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{3F0F85B3-F5CB-47B3-9366-EA6332CB46F6}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000039 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{3F0F85B3-F5CB-47B3-9366-EA6332CB46F6}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Disinfection failed"
Line00000038 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{3F0F85B3-F5CB-47B3-9366-EA6332CB46F6}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000037 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{3F0F85B3-F5CB-47B3-9366-EA6332CB46F6}\RECHNUNG.ZIP Update failed"
Line00000036 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{CD505A97-A352-4217-80CB-770F55A0E2E2}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000035 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{CD505A97-A352-4217-80CB-770F55A0E2E2}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Disinfection failed"
Line00000034 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{CD505A97-A352-4217-80CB-770F55A0E2E2}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000033 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{CD505A97-A352-4217-80CB-770F55A0E2E2}\RECHNUNG.ZIP Update failed"
Line00000032 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{D3F068CF-4BE4-402C-93F7-D2B2C4BBE54B}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000031 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{D3F068CF-4BE4-402C-93F7-D2B2C4BBE54B}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Disinfection failed"
Line00000030 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{D3F068CF-4BE4-402C-93F7-D2B2C4BBE54B}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000029 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{D3F068CF-4BE4-402C-93F7-D2B2C4BBE54B}\RECHNUNG.ZIP Update failed"
Line00000028 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{DC9E44D8-150A-4C1D-82E6-9CC76343993C}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000027 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{DC9E44D8-150A-4C1D-82E6-9CC76343993C}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Disinfection failed"
Line00000026 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{DC9E44D8-150A-4C1D-82E6-9CC76343993C}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000025 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{DC9E44D8-150A-4C1D-82E6-9CC76343993C}\RECHNUNG.ZIP Update failed"
Line00000024 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000023 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Disinfection failed"
Line00000022 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000021 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP Update failed"
Line00000020 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP854\A0186964.dll Infected with: GenPack:Trojan.Vundo.DLZ"
Line00000019 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP854\A0186964.dll Disinfection failed"
Line00000018 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP854\A0186964.dll Deleted"
Line00000017 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186971.dll Infected with: Trojan.Spy.BZub.AN"
Line00000016 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186971.dll Disinfection failed"
Line00000015 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186971.dll Deleted"
Line00000014 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186974.dll Infected with: Trojan.Vundo.DLV"
Line00000013 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186974.dll Disinfection failed"
Line00000012 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186974.dll Deleted"
Line00000011 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186977.dll Infected with: Trojan.BHO.BP"
Line00000010 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186977.dll Disinfection failed"
Line00000009 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186977.dll Deleted"
Line00000008 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186978.dll Infected with: MemScan:Trojan.BHO.BM"
Line00000007 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186978.dll Disinfection failed"
Line00000006 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186978.dll Deleted"
Line00000005 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186979.dll Infected with: DeepScan:Generic.Virtumonde2.ge.3B1D42DE"
Line00000004 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186979.dll Disinfection failed"
Line00000003 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186979.dll Deleted"
Line00000002 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186980.dll Infected with: Trojan.Virtumod.ALZ"
Line00000001 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186980.dll Disinfection failed"
Line00000000 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186980.dll Deleted"
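As an added example (not code from the thread, from BitDefender or from any tool named here), the following Python parser reads the bdoscan.txt format posted above: it splits the INI-style sections, replays the [Scan Results] lines in chronological order (the scanner numbers them in reverse, so Line00000000 is the most recent event) and reports, per infected file, the detection name and final outcome, which is the location information the helper asked for, plus a check that the [Scan Statistics] counters match the result lines. The embedded sample report is constructed and shortened; the user name, attachment folder and restore-point GUID in it are placeholders.

```python
"""Parser for a BitDefender Online Scanner v8 bdoscan.txt report (added example)."""
import re
from collections import OrderedDict

# Constructed, shortened sample in the same format as the report above.
# The user name, attachment folder and restore-point GUID are placeholders.
SAMPLE_REPORT = r"""[General]
App = "BitDefender Online Scanner v8"
Date = 08:07:2007
Time = 17:55:55
[Scan Statistics]
Files = 1234
Identified viruses = 2
Infected files = 2
Deleted files = 2
[Scan Results]
Line00000005 = "C:\Documents and Settings\USER\Attachments\Rechnung.zip=>Rechnung____PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000004 = "C:\Documents and Settings\USER\Attachments\Rechnung.zip=>Rechnung____PDF.exe Disinfection failed"
Line00000003 = "C:\Documents and Settings\USER\Attachments\Rechnung.zip=>Rechnung____PDF.exe Deleted"
Line00000002 = "C:\Documents and Settings\USER\Attachments\Rechnung.zip Update failed"
Line00000001 = "C:\System Volume Information\_restore{RESTORE-GUID}\RP855\A0186980.dll Infected with: Trojan.Virtumod.ALZ"
Line00000000 = "C:\System Volume Information\_restore{RESTORE-GUID}\RP855\A0186980.dll Deleted"
"""

# One result line is "<path> <status>". The path may contain spaces and "=>"
# archive-member separators, so the status is matched at the end of the line.
STATUS_RE = re.compile(
    r"^(?P<path>.+?) (?P<status>Infected with: (?P<threat>\S+)|Disinfected"
    r"|Disinfection failed|Deleted|Update failed)$"
)


def parse_sections(text):
    """Split the INI-style report into {section: {key: value}}.

    Only the first '=' separates key and value, because result lines
    carry '=>' inside the quoted path."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = OrderedDict()
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip().strip('"')
    return sections


def replay_results(sections):
    """Group [Scan Results] lines per file path, in chronological order.

    The scanner numbers lines in reverse: Line00000000 is the most recent
    event, so the highest number is replayed first."""
    results = sections.get("Scan Results", {})
    ordered = sorted(results.items(), key=lambda kv: int(kv[0][4:]), reverse=True)
    files = OrderedDict()
    for _, entry in ordered:
        m = STATUS_RE.match(entry)
        if not m:
            continue  # unknown line shape: skip rather than guess
        rec = files.setdefault(m.group("path"), {"threat": None, "events": []})
        if m.group("threat"):
            rec["threat"] = m.group("threat")
            rec["events"].append("Infected")
        else:
            rec["events"].append(m.group("status"))
    return files


def summarize(text):
    """Return infected-file locations plus the sanity checks a helper wants:
    did every detection end in Deleted/Disinfected, and do the
    [Scan Statistics] counters agree with the result lines."""
    sections = parse_sections(text)
    files = replay_results(sections)
    infected = OrderedDict((p, r) for p, r in files.items() if r["threat"])
    threats = {r["threat"] for r in infected.values()}
    stats = sections.get("Scan Statistics", {})
    resolved = ("Deleted", "Disinfected")
    return {
        "infected": infected,
        "threats": sorted(threats),
        "unresolved": [p for p, r in infected.items() if r["events"][-1] not in resolved],
        # Copies under System Restore points are dormant unless a restore
        # point is applied; they are worth listing separately from live files.
        "restore_point_hits": [p for p in infected if "\\_restore{" in p],
        "stats_consistent": (
            int(stats.get("Infected files", -1)) == len(infected)
            and int(stats.get("Identified viruses", -1)) == len(threats)
        ),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_REPORT)
    for path, rec in report["infected"].items():
        print(f"{rec['threat']:35} {' -> '.join(rec['events']):40} {path}")
    print("unresolved:", report["unresolved"])
    print("counters consistent:", report["stats_consistent"])
```

Run against the report posted above, the same functions should give 15 infected entries (8 of them the Rechnung.zip attachment copies, the rest under the System Restore folder) and 8 distinct threat names, matching the counters in its [Scan Statistics] section.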
Line00000030 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{D3F068CF-4BE4-402C-93F7-D2B2C4BBE54B}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000029 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{D3F068CF-4BE4-402C-93F7-D2B2C4BBE54B}\RECHNUNG.ZIP Update failed"
Line00000028 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{DC9E44D8-150A-4C1D-82E6-9CC76343993C}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000027 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{DC9E44D8-150A-4C1D-82E6-9CC76343993C}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Disinfection failed"
Line00000026 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{DC9E44D8-150A-4C1D-82E6-9CC76343993C}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000025 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{DC9E44D8-150A-4C1D-82E6-9CC76343993C}\RECHNUNG.ZIP Update failed"
Line00000024 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000023 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Disinfection failed"
Line00000022 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000021 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP Update failed"
Line00000020 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP854\A0186964.dll Infected with: GenPack:Trojan.Vundo.DLZ"
Line00000019 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP854\A0186964.dll Disinfection failed"
Line00000018 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP854\A0186964.dll Deleted"
Line00000017 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186971.dll Infected with: Trojan.Spy.BZub.AN"
Line00000016 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186971.dll Disinfection failed"
Line00000015 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186971.dll Deleted"
Line00000014 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186974.dll Infected with: Trojan.Vundo.DLV"
Line00000013 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186974.dll Disinfection failed"
Line00000012 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186974.dll Deleted"
Line00000011 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186977.dll Infected with: Trojan.BHO.BP"
Line00000010 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186977.dll Disinfection failed"
Line00000009 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186977.dll Deleted"
Line00000008 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186978.dll Infected with: MemScan:Trojan.BHO.BM"
Line00000007 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186978.dll Disinfection failed"
Line00000006 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186978.dll Deleted"
Line00000005 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186979.dll Infected with: DeepScan:Generic.Virtumonde2.ge.3B1D42DE"
Line00000004 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186979.dll Disinfection failed"
Line00000003 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186979.dll Deleted"
Line00000002 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186980.dll Infected with: Trojan.Virtumod.ALZ"
Line00000001 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186980.dll Disinfection failed"
Line00000000 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP855\A0186980.dll Deleted"
papyber, Posts: 6406, Registered: Saturday 24 March 2007, Status: Security contributor, Last activity: 3 October 2010, 257 - 8 July 2007 at 22:37
If everything is fine, delete all the tools we used, since they won't be needed any more.
Keep CCleaner, though, and run a cleanup every day before shutting down the PC.
Install this very useful program and scan your PC with it at least once a week...
AVG Anti-Spyware
https://www.avg.com/en-ww/free-antivirus-download
How to use it:
Launch AVG Anti-Spyware and update it,
Click the "Scan" button,
Then under "How to act", click Recommended actions. Select Quarantine.
Back to the Scan tab.
Click Complete system scan.
At the end of the scan, choose "Apply all actions".
Click "Save report". The text file is in the Reports folder of the AVG Anti-Spyware folder.
You can pair it with this one:
Spybot Search & Destroy
https://www.safer-networking.org/?page=download
Defragment.
Remember to protect yourself properly; I found this link, which is rather good on the subject:
https://forum.pcastuces.com/default.asp
Disable System Restore:
right-click My Computer / Properties / tick the "Turn off System Restore" box, Apply
Restart your PC
right-click My Computer / Properties / untick the "Turn off System Restore" box, Apply
Start / All Programs / System Tools / System Restore / Create a restore point
Security is very important, but it does not replace the user: careful browsing, avoiding cracks and "hot" sites, already saves a lot of trouble, and P2P is another source of infections...
And happy surfing.
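As an added example (not from the thread or from either poster), here is a Python triage of the BitDefender report format posted above: it parses each `LineNNNNNNNN = "... <status>"` entry, pairs the detection name with the actions logged for the same object, and groups hits by location, which is what motivates the advice to turn System Restore off and back on (files under System Volume Information are only purged that way). The sample lines are copied from the report; the location rules and the function names are my own assumptions.

```python
import re
from collections import defaultdict
# Constructed sample: seven lines copied from the BitDefender report in this thread.
SAMPLE_REPORT = r'''
Line00000024 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Infected with: Trojan.Downloader.Nurech.BS"
Line00000023 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Disinfection failed"
Line00000022 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP=>Rechnung______________1.07.2007__________BITTE UM RUCKMELDUNG_DANKE____________PDF.exe Deleted"
Line00000021 = "C:\Documents and Settings\Hello\Local Settings\Application Data\IM\Identities\{03CBD9AB-BB59-432F-9778-AEDDFEF8FD5C}\Message Store\Attachments\{FB5BD6B3-566E-4749-A389-02DC31463138}\RECHNUNG.ZIP Update failed"
Line00000020 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP854\A0186964.dll Infected with: GenPack:Trojan.Vundo.DLZ"
Line00000019 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP854\A0186964.dll Disinfection failed"
Line00000018 = "C:\System Volume Information\_restore{3D244FE2-07BF-4871-9AA3-D64C00B5B123}\RP854\A0186964.dll Deleted"
'''
LINE_RE = re.compile(r'^Line(\d+) = "(.*) (Infected with: (.+)|Disinfection failed|Deleted|Update failed)"$')

def parse_report(text):
    """Map each scanned object to its detection name, the actions logged and its archive, if any."""
    entries = {}
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a scanner result line
        path, status, detection = m.group(2), m.group(3), m.group(4)
        e = entries.setdefault(path, {'detection': None, 'actions': [], 'container': None})
        if '=>' in path:  # object was unpacked from an archive
            e['container'] = path.split('=>', 1)[0]
        if detection:
            e['detection'] = detection
        else:
            e['actions'].append(status)
    return entries

def classify(path):
    """Location of the hit (assumed rules); decides which cleanup step covers it."""
    top = path.split('=>', 1)[0].lower()
    if top.startswith('c:\\system volume information\\_restore'):
        return 'system_restore'  # only purged by turning System Restore off and on
    if '\\message store\\attachments\\' in top:
        return 'mail_attachment'  # still held in the mail/IM client's store
    return 'other'

def summarize(entries):
    """Infected objects per location plus the distinct detection names."""
    per_location = defaultdict(int)
    names = set()
    for path, e in entries.items():
        if e['detection']:
            per_location[classify(path)] += 1
            names.add(e['detection'])
    return dict(per_location), sorted(names)
```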