Sujet Précédent Sujet Suivant

[virus trojan]besoin d'avis d'experts

dondiegodelavega -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Salut à tous,

Aprés avoir suivi le tuto de desinfection preliminaire,voici les 3 rapports.
Que dois-je faire maintenant pour nettoyer enfin mon PC et resoudre mes 2 soucis:
1.infection par un trjan-dropper
2.message "Microsoft Visual C++ runtime library :buffer overrun detected.program:C\windows\explorer.exe
Merci à tous
Voici les 3 rapports:
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 22:34:56 22/07/2007

+ Résultat de l'analyse:

HKLM\SYSTEM\ControlSet001\Enum\HID\Vid_046d&Pid_c505&MI_00\7&14c4d367&0&0000\\HardwareID -> Adware.CoolWebSearch : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1101.dll -> Adware.Gator : Aucune action entreprise.
C:\System Volume Information\_restore{3B61242C-BF44-4928-9165-75FAAE23BAA3}\RP309\A0049447.exe -> Adware.HotBar : Aucune action entreprise.
C:\WINDOWS\system32\vtutrpn.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\WINDOWS\system32\xxyywut.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\WINDOWS\system32\TFTP3056 -> Backdoor.Rbot : Aucune action entreprise.
C:\WINDOWS\system32\TFTP3228 -> Backdoor.Rbot.rp : Aucune action entreprise.
C:\Documents and Settings\Famille\Local Settings\Temp\Répertoire temporaire 1 pour (CiA) louise attaque 1 [Full] [x].zip\Setup.exe -> Logger.Winflyer : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc743.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@divx.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@hotelopia.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@notrefamille.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc209.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc339.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc355.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc371.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc387.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc733.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc740.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc756.txt -> TrackingCookie.Abcsearch : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc778.txt -> TrackingCookie.Addynamix : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc777.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@adtech[2].txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc722.txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc724.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.26:C:\Documents and Settings\chef\Application Data\Mozilla\Firefox\Profiles\5059vt04.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc72.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.27:C:\Documents and Settings\chef\Application Data\Mozilla\Firefox\Profiles\5059vt04.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc90.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc109.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc132.txt -> TrackingCookie.Com : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc208.txt -> TrackingCookie.Comclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc150.txt -> TrackingCookie.Coremetrics : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc152.txt -> TrackingCookie.Dealtime : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc468.txt -> TrackingCookie.Dealtime : Aucune action entreprise.
:mozilla.31:C:\Documents and Settings\chef\Application Data\Mozilla\Firefox\Profiles\5059vt04.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc175.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc196.txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc773.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc68.txt -> TrackingCookie.Falkag : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@fastclick[1].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc202.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc185.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc186.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc245.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@ilead.itrack[1].txt -> TrackingCookie.Itrack : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc258.txt -> TrackingCookie.Itrack : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Aucune action entreprise.
C:\Documents and Settings\Famille\Local Settings\Temp\Cookies\famille@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc451.txt -> TrackingCookie.Liveperson : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Famille\Local Settings\Temp\Cookies\famille@mediaplex[2].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc332.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc257.txt -> TrackingCookie.Msn : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc626.txt -> TrackingCookie.Myaffiliateprogram : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc469.txt -> TrackingCookie.Onestat : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@perf.overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc377.txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc641.txt -> TrackingCookie.Paypal : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@questionmarket[1].txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc409.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@real[2].txt -> TrackingCookie.Real : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc416.txt -> TrackingCookie.Real : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc417.txt -> TrackingCookie.Realmedia : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc425.txt -> TrackingCookie.Revenue : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc452.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc95.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc455.txt -> TrackingCookie.Skype : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc458.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc670.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc465.txt -> TrackingCookie.Specificclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc775.txt -> TrackingCookie.Specificclick : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@h.starware[1].txt -> TrackingCookie.Starware : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@try.starware[1].txt -> TrackingCookie.Starware : Aucune action entreprise.
C:\Documents and Settings\Famille\Local Settings\Temp\Cookies\famille@statcounter[1].txt -> TrackingCookie.Statcounter : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc470.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc500.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc503.txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc510.txt -> TrackingCookie.Valueclick : Aucune action entreprise.
:mozilla.18:C:\Documents and Settings\chef\Application Data\Mozilla\Firefox\Profiles\5059vt04.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc532.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Famille\Cookies\famille@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1214440339-1958367476-839522115-1004\Dc768.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

Fin du rapport

BitDefender Online Scanner

Scan report generated at: Mon, Jul 23, 2007 - 22:20:05

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time

00:56:27

Files

150111

Folders

4026

Boot Sectors

2

Archives

3207

Packed Files

7113

Results

Identified Viruses

3

Infected Files

7

Suspect Files

0

Warnings

0

Disinfected

0

Deleted Files

6

Engines Info

Virus Definitions

640129

Engine build

AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

Scan plugins

14

Archive plugins

38

Unpack plugins

6

E-mail plugins

6

System plugins

1

Scan Settings

First Action

Disinfect

Second Action

Delete

Heuristics

Yes

Enable Warnings

Yes

Scanned Extensions

*;

Exclude Extensions

Scan Emails

Yes

Scan Archives

Yes

Scan Packed

Yes

Scan Files

Yes

Scan Boot

Yes

Scanned File

Status

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Inbox=>(message 18)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Infected with: Win32.Virtob.2.Gen

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Inbox=>(message 18)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Disinfection failed

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Inbox=>(message 18)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Deleted

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Inbox=>(message 18)=>[Subject: postcard]=>(MIME part)=>postcard.zip

Updated

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Inbox=>(message 18)=>[Subject: postcard]=>(MIME part)

Updated

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Inbox=>(message 18)

Updated

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Inbox

Updated

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Trash=>(message 9)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Infected with: Win32.Virtob.2.Gen

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Trash=>(message 9)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Disinfection failed

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Trash=>(message 9)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Deleted

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Trash=>(message 9)=>[Subject: postcard]=>(MIME part)=>postcard.zip

Updated

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Trash=>(message 9)=>[Subject: postcard]=>(MIME part)

Updated

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Trash=>(message 9)

Updated

C:\Documents and Settings\chef\Application Data\Thunderbird\Profiles\ntypvx8d.default\Mail\pop.free-1.fr\Trash

Updated

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Inbox=>(message 18)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Infected with: Win32.Virtob.2.Gen

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Inbox=>(message 18)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Disinfection failed

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Inbox=>(message 18)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Deleted

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Inbox=>(message 18)=>[Subject: postcard]=>(MIME part)=>postcard.zip

Updated

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Inbox=>(message 18)=>[Subject: postcard]=>(MIME part)

Updated

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Inbox=>(message 18)

Updated

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Inbox

Updated

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Trash=>(message 9)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Infected with: Win32.Virtob.2.Gen

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Trash=>(message 9)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Disinfection failed

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Trash=>(message 9)=>[Subject: postcard]=>(MIME part)=>postcard.zip=>postcard.exe

Deleted

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Trash=>(message 9)=>[Subject: postcard]=>(MIME part)=>postcard.zip

Updated

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Trash=>(message 9)=>[Subject: postcard]=>(MIME part)

Updated

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Trash=>(message 9)

Updated

C:\Documents and Settings\chef\Bureau\sauvegardeMail\pop.free-1.fr\Trash

Updated

C:\System Volume Information\_restore{3B61242C-BF44-4928-9165-75FAAE23BAA3}\RP364\A0052541.dll

Infected with: Trojan.Virtumod.GK

C:\System Volume Information\_restore{3B61242C-BF44-4928-9165-75FAAE23BAA3}\RP364\A0052541.dll

Disinfection failed

C:\System Volume Information\_restore{3B61242C-BF44-4928-9165-75FAAE23BAA3}\RP364\A0052541.dll

Deleted

C:\System Volume Information\_restore{3B61242C-BF44-4928-9165-75FAAE23BAA3}\RP364\A0052542.dll

Infected with: Trojan.Virtumod.GK

C:\System Volume Information\_restore{3B61242C-BF44-4928-9165-75FAAE23BAA3}\RP364\A0052542.dll

Disinfection failed

C:\System Volume Information\_restore{3B61242C-BF44-4928-9165-75FAAE23BAA3}\RP364\A0052542.dll

Deleted

C:\WINDOWS\system32\taqxayxk.dll

Infected with: Trojan.Virtumod.JB

C:\WINDOWS\system32\taqxayxk.dll

Disinfection failed

C:\WINDOWS\system32\taqxayxk.dll

Delete failed

HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 22:24:38, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BA82311C-2E7D-4003-ABD6-D845C6C23FD4} - C:\WINDOWS\System32\awvtt.dll
O3 - Toolbar: Barre &Magique - {01A7812B-59E8-4A4F-BFD6-EEE6D4CB6BA2} - C:\Program Files\Telecom Italia France\Barre Magique 1.05.08.22\Tiscali BBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [rant] rant.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\taqxayxk.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [rant] rant.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {041816FE-7869-4B5F-9BE4-FFF3B7368727} (IsHere Class) - http://barremagique.aliceadsl.fr/download/BarreMagique.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\chef\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
A voir également:

7 réponses

Réponse 1 / 7
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

1) Télécharge HijackThis ici:
https://www.01net.com/

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://perso.orange.fr/rginformatique/section%20virus/Hijenr.gif

Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)

http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

2) Clique sur ce lien :
http://www.alt-shift-return.org/Info/GenProc-HowTo.html

ensuite, clique sur celui-ci et exécute le tuto du lien ci-dessus
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

Poste le rapport dans ta réponse.
@+

0
dondiegodelavega
 
Salut,

1)le rapport Hijackthis est dans mon premier post

2)voici le rapport aprés exécution de GenProc:

Rapport GenProc 0.64 [1] effectué le 24/07/2007 à 21:39:48,07 - SystemRoot = C:\WINDOWS

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

# Etape 1/ Télécharge :

- VundoFix.exe (par Atribune) http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau

- combofix.exe (par [b]sUBs[/b]) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau


***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://docs.microsoft.com/en-us/?mfr=true (choisis ta session courante "chef") *****


# Etape 2/

* Double-clique VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton "Remove Vundo"
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo

* Double clique [b]combofix.exe[/b].
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste :
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
- Le contenu du rapport situé dans C:\vundofix.txt ;
- Le contenu du rapport situé dans C:\Combofix.txt ;


Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

FIN DU RAPPORT

Que dois je faire maintenant ?
Merci à tous de vos conseil avisés

Don diégo de la vega
0
Réponse 2 / 7
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

fais tout ce que te préconise le rapport de Genproc.

@+
0
dondiegodelavega
 
impossiblede démarrer en mode sans echec:
je selectionne le mode de démarrage sans echec, puis ma session:
j'arrive sur un ecran noir avec l'inscription mode sans echec mais rien ne bouge:-(
c'est quoi le problème !
au secours

don diégo de la vega
0
Réponse 3 / 7
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

fais tout en mode normal.
@+
0
Réponse 4 / 7
dondiegodelavega
 
ok.J'ai fais comme indiqué
Sauh erreur Vundo ne m'a pas genéré de rapport.
voici donc :
1.rapport combofix
2.rapport Hijacthis

Merci de ton aide Lyonnais92

don diego

1.COMBOFIX

"chef" - 2007-07-24 22:56:32 - ComboFix 07-07-23.6 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\chef\Bureau.\internet explorer.lnk

((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))

2007-07-24 22:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 22:48 <REP> d-------- C:\VundoFix Backups
2007-07-23 22:24 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-07-23 21:22 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-07-22 21:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-21 23:09 <REP> d-------- C:\Program Files\CCleaner
2007-07-05 16:43 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2007-07-05 16:43 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2007-07-05 16:43 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-23 20:24:38 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-07-05 14:43:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-14 18:32:39 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-06-07 19:00:47 6,833 ----a-w C:\WINDOWS\mozver.dat
2007-05-27 07:47:24 -------- d-----w C:\Program Files\Google
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-02 15:35:42 41,653,912 ----a-w C:\Program Files\zlsSetup_70_337_000_fr.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9504B436-AFBA-4EED-9D24-A88803A5F7DC}]
C:\WINDOWS\System32\awvtt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-12-05 16:24]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"rant"="rant.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-06 22:42]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-12 13:08]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 21:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"rant"=rant.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"rant"=rant.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFlyer32.dll]
"rundll32.exe" C:\WINDOWS\System32\WinFlyer32.dll,Run

Contents of the 'Scheduled Tasks' folder
2007-04-04 21:31:20 C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 22:59:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 23:00:39
C:\ComboFix-quarantined-files.txt ... 2007-07-24 23:00

--- E O F ---

2.HIJACTHIS
Logfile of HijackThis v1.99.1
Scan saved at 23:07:04, on 24/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9504B436-AFBA-4EED-9D24-A88803A5F7DC} - C:\WINDOWS\System32\awvtt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Barre &Magique - {01A7812B-59E8-4A4F-BFD6-EEE6D4CB6BA2} - C:\Program Files\Telecom Italia France\Barre Magique 1.05.08.22\Tiscali BBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [rant] rant.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [rant] rant.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {041816FE-7869-4B5F-9BE4-FFF3B7368727} (IsHere Class) - http://barremagique.aliceadsl.fr/download/BarreMagique.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\chef\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 7
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

le rapport est dans c:\vundofix.txt.
@+
0
dondiegodelavega
 
OK .
Le voici.
Merci


don diego de la vega


VundoFix V6.5.6

Checking Java version...

Scan started at 22:48:39 24/07/2007

Listing files found while scanning....

C:\windows\system32\awvtt.dll
C:\WINDOWS\System32\byxwvus.dll
C:\windows\system32\ffhkj.ini
C:\windows\system32\jkhff.dll
C:\windows\system32\kxyaxqat.ini
C:\WINDOWS\System32\taqxayxk.dll
C:\WINDOWS\System32\ttvwa.bak2
C:\WINDOWS\System32\ttvwa.ini
C:\WINDOWS\System32\ttvwa.ini2
C:\windows\system32\ttvwa.tmp

Beginning removal...

Attempting to delete C:\windows\system32\awvtt.dll
C:\windows\system32\awvtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\byxwvus.dll
C:\WINDOWS\System32\byxwvus.dll Has been deleted!

Attempting to delete C:\windows\system32\ffhkj.ini
C:\windows\system32\ffhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\jkhff.dll
C:\windows\system32\jkhff.dll Has been deleted!

Attempting to delete C:\windows\system32\kxyaxqat.ini
C:\windows\system32\kxyaxqat.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\taqxayxk.dll
C:\WINDOWS\System32\taqxayxk.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\ttvwa.bak2
C:\WINDOWS\System32\ttvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\ttvwa.ini
C:\WINDOWS\System32\ttvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\ttvwa.ini2
C:\WINDOWS\System32\ttvwa.ini2 Has been deleted!

Attempting to delete C:\windows\system32\ttvwa.tmp
C:\windows\system32\ttvwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!
0
Réponse 6 / 7
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

relance AVG et Bitdefender.

Poste les rapports.

Où en sont tes soucis.
@+
0
dondiegodelavega
 
plus de problèmes dans l'immédiat. :-)
Merci encore à toi.
Je relance AVG et Bitdefender dés que possible,probablement pas avant le we.
@ plus

Don diégo de la véga
0
Réponse 7 / 7
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

pas de soucis.

A ce week-end
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses