Virtumonde virus??

Solved
tamaire (9 posts, Member)
Good evening,

I have a problem with my computer: it is sluggish, I can't open anything on it, and I can't even shut it down properly. A Spybot scan in Safe Mode detected "virtumonde", and I don't know how to get rid of it. Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:09:49 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\detoured.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

There are a few things in there I don't recognise, "BgMonitor" among others; if you could help me I would be very grateful (once again).

9 replies

!^^![ME] (4,744 posts, Contributor)
hi,
do this:
Remove the Vundo/Virtumonde trojan
and this:
http://bloginformatique.blogspot.com/2007/08/tuto-navifix.html
post the reports
see you
0
tamaire (9 posts, Member)
Good evening again, here are the reports:

ComboFix 07-08-30.3 - "Administrator" 2007-08-31 20:59:32.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1769 [GMT 1:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{38262~2
C:\Program Files\Common Files\{68262~1
C:\Program Files\Common Files\{68262~2
C:\WINDOWS\system32\_000110_.tmp.dll
C:\WINDOWS\system32\_000114_.tmp.dll
C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\cdrwovkg.dll
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\icroso~1\?icrosoft\
C:\WINDOWS\system32\pufxovdj.dll
C:\WINDOWS\system32\rtstv.bak1
C:\WINDOWS\system32\rtstv.ini


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


2007-08-31 20:58 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 21:23 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2007-08-12 21:23 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2007-08-12 21:23 5,606 --a------ C:\WINDOWS\system32\stci.dll
2007-08-12 21:23 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2007-08-12 21:23 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2007-08-12 20:57 84,912 -ra------ C:\WINDOWS\system32\drivers\FwRad17.bin
2007-08-12 20:57 83,320 -ra------ C:\WINDOWS\system32\drivers\FwRad16.bin
2007-08-12 20:57 386,688 -ra------ C:\WINDOWS\system32\drivers\TNET1130.sys
2007-07-28 21:23 8,704 --a------ C:\WINDOWS\system32\drivers\UsbFltr.sys
2007-07-28 21:23 <DIR> d-------- C:\Program Files\Wireless Device


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-24 18:58 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2
2007-08-24 18:34 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
2007-08-24 18:25 --------- d-------- C:\Program Files\Azureus
2007-08-23 13:42 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
2007-08-23 13:17 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-23 13:16 --------- d-------- C:\Program Files\SpywareGuard
2007-08-12 21:23 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-03 22:35 --------- d-------- C:\Program Files\Wanadoo Edition
2007-07-03 22:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-06-27 14:19 17920 --a------ C:\WINDOWS\system32\sophosboottasks.exe
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-24 20:15 99904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 08:00 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 18:22]
"nwiz"="nwiz.exe" [2006-10-22 18:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 18:22]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-06-05 15:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-28 02:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NWEReboot"="" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\PROGRA~1\Sophos\SOPHOS~1\detoured.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
R3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;C:\WINDOWS\system32\DRIVERS\tnet1130.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aba7cfc6-49ad-11dc-b3c8-0013d3c27dd4}]
AutoRun\command- G:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-08-29 14:22:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 21:06:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-31 21:07:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-31 21:07

--- E O F ---

Search Navipromo version 2.0.9 commencé le Fri 08/31/2007 à 21:21:25.40

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 20.08.2007 a 22h30 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Administrator\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 08/31/07 at 21:21:26.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ...............................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 08/31/07 at 21:25:19 (return code = 0).


*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

Fichiers trouvés :

Aucun Fichier trouvé !

Fichiers suspects :

Aucun Fichier suspect trouvé !



*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********


3)Recherche Certificats :

Certificat Egroup absent !


*** Analyse Terminé le Fri 08/31/2007 à 21:25:37.71 ***



Thanks for your help!
0
tamaire (9 posts, Member)
Here are the logs:

F-secure:

Scanning Report
Saturday, September 01, 2007 14:41:13 - 15:22:21

Computer name: BLAISE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 1 malware found
Vundo.gen38 (virus)

* C:\WINDOWS\SYSTEM32\HVMCSNRM.INI (Submitted)

Statistics
Scanned:

* Files: 31579
* System: 4090
* Not scanned: 2

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 1

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-08-28
* F-Secure AVP: 7.0.171, 2007-08-31
* F-Secure Orion: 1.2.37, 2007-08-31
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0597-150-72
* F-Secure Pegasus: 1.19.0, 2007-07-20

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics


A-Squared:

a-squared Free - Version 3.0
Last update: 9/1/2007 6:32:36 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 9/1/2007 7:44:37 PM

c:\program files\ares\ares.exe detected: Trace.File.Ares
c:\program files\ares\data\blocked.txt.sample detected: Trace.File.Ares
c:\program files\ares\data\blocked_keywords.txt.sample detected: Trace.File.Ares
c:\program files\ares\data\chanlistfilter.txt detected: Trace.File.Ares
c:\program files\ares\data\gui\general\chat.bmp detected: Trace.File.Ares
c:\program files\ares\data\gui\general\emotic.bmp detected: Trace.File.Ares
c:\program files\ares\data\gui\general\libbig.bmp detected: Trace.File.Ares
c:\program files\ares\data\gui\general\logo.bmp detected: Trace.File.Ares
c:\program files\ares\data\gui\general\mimesmall.bmp detected: Trace.File.Ares
c:\program files\ares\data\gui\general\mshareset.bmp detected: Trace.File.Ares
c:\program files\ares\data\gui\general\prefs.txt detected: Trace.File.Ares
c:\program files\ares\data\gui\general\searchpnl.bmp detected: Trace.File.Ares
c:\program files\ares\data\gui\general\searchstars.bmp detected: Trace.File.Ares
c:\program files\ares\data\gui\general\tabssmall.bmp detected: Trace.File.Ares
c:\program files\ares\data\gui\general\transfer.bmp detected: Trace.File.Ares
c:\program files\ares\data\p2pfilter.txt detected: Trace.File.Ares
c:\program files\ares\lang\arabic.txt detected: Trace.File.Ares
c:\program files\ares\lang\czech.txt detected: Trace.File.Ares
c:\program files\ares\lang\dutch.txt detected: Trace.File.Ares
c:\program files\ares\lang\french.txt detected: Trace.File.Ares
c:\program files\ares\lang\german.txt detected: Trace.File.Ares
c:\program files\ares\lang\italian.txt detected: Trace.File.Ares
c:\program files\ares\lang\japanese.txt detected: Trace.File.Ares
c:\program files\ares\lang\polish.txt detected: Trace.File.Ares
c:\program files\ares\lang\slovak.txt detected: Trace.File.Ares
c:\program files\ares\lang\spanish.txt detected: Trace.File.Ares
c:\program files\ares\lang\swedish.txt detected: Trace.File.Ares
c:\program files\ares\lang\turkish.txt detected: Trace.File.Ares
c:\program files\ares\tcpip_patcher.sys detected: Trace.File.Ares
c:\program files\ares\tcpippatcherdll.dll detected: Trace.File.Ares
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Height detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Left detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Maximized detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Top detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Width detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Data --> AresNet1 detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Data --> JI.AresNet1 detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Extra.ShowActiveCaption detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoConnect detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoStartUp detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.LastLibraryMode detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastChatRoomBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastLibrary detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastPMBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastSearch detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Network.DHTID detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Personal.GUID detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Privacy.SendRegularPath detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AllowBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AwayMessage detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CAvgTime detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CDnSpeed detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CFRTime detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CTtUptime detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.CUpSpeed detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.HasLQCa detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQuery detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQueryInt detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.MaximizeUpBandOnIdle detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.ServerPort detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayName detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayVersion detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> Publisher detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> UninstallString detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLInfoAbout detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLUpdateInfo detected: Trace.Registry.Ares
c:\program files\ares detected: Trace.Directory.Ares
c:\program files\ares\data detected: Trace.Directory.Ares
c:\program files\ares\data\gui detected: Trace.Directory.Ares
c:\program files\ares\data\gui\general detected: Trace.Directory.Ares
c:\program files\ares\data\gui\osthemes detected: Trace.Directory.Ares
c:\program files\ares\lang detected: Trace.Directory.Ares
c:\program files\ares\asyncex.ax detected: Trace.File.Ares
c:\program files\ares\chatserver.exe detected: Trace.File.Ares
c:\program files\ares\data\chatconf.txt detected: Trace.File.Ares
c:\program files\ares\data\chatlang.txt.sample detected: Trace.File.Ares
c:\program files\ares\data\gui\general\buttonsbitmap.bmp detected: Trace.File.Ares
c:\program files\ares\data\homepage.url detected: Trace.File.Ares
c:\program files\ares\libfaad2.dll detected: Trace.File.Ares
c:\program files\ares\mp3source.ax detected: Trace.File.Ares
Value: HKEY_CLASSES_ROOT\CLSID\{3E0FA044-926C-42D9-BA12-EF16E980913B}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.AutoAddToFavorites detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.AutoClose detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ShowTaskBtn detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.HookBitTorrentExt detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.Language detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.MSNSongNotif detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Hashing.Priority detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Playlist.PreviousASXApp detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Playlist.PreviousM3UApp detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Playlist.PreviousWAXApp detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Torrents.PreviousApp detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E0FA044-926C-42D9-BA12-EF16E980913B}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Ares
C:\Program Files\mIRC\mirc.exe detected: Riskware.Client-IRC.Win32.mIRC.621
C:\Program Files\Navilog1\Process.exe detected: Riskware.RiskTool.Win32.Processor.20
C:\qoobox\Quarantine\C\WINDOWS\system32\cdrwovkg.dll.vir detected: Adware.Win32.BHO.v
C:\qoobox\Quarantine\C\WINDOWS\system32\pufxovdj.dll.vir detected: Adware.Win32.BHO.v

Scanned

Files: 189558
Traces: 137487
Cookies: 30
Processes: 13

Found

Files: 4
Traces: 100
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 9/1/2007 10:02:51 PM
Scan time: 2:18:14 AM

C:\qoobox\Quarantine\C\WINDOWS\system32\cdrwovkg.dll.vir Quarantined Adware.Win32.BHO.v
C:\qoobox\Quarantine\C\WINDOWS\system32\pufxovdj.dll.vir Quarantined Adware.Win32.BHO.v

Quarantined

Files: 2
Traces: 0
Cookies: 0


Ad-Aware:

Scan mode: Full
Scan time: 00:49:00
Number of objects scanned: 258301
Number of infections found: 4
Critical: 0
Privacy Objects: 4
Infections deleted: 4
Total infections quarantined: 0
Total infections ignored by scanner: 0

AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:18:20 PM 9/2/2007

+ Scan result:



:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\szzn0236.default\cookies.txt -> TrackingCookie.Com : Cleaned.


::Report end


SAS found nothing. I still have the same problem: my desktop takes a minute and a half to appear instead of a few seconds.
0

tamaire (9 posts, Member)
At first sight everything is fine; it boots normally now. The only thing that is different is that my CDs (or DVDs) no longer launch automatically. Is there a way to fix that?

And in my HJT log I have this line:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Is that a trace of Virtumonde? Do I need to "fix" it?

Anyway, thanks for your help; I hope you will have time to answer my questions, so that I know whether I can reconnect my computer to the net ^^
0
!^^![ME] (4,744 posts, Contributor)
For your CDs, go and look in the hardware section... tick that line, but it is not a trace of Vundo... see you
0
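The closing question above (is an O2 BHO entry ending in "(no file)" a Vundo trace, and should it be fixed?) is the kind of judgement a small triage script can support. The Python below is an added example written for this page; it is not code from the thread, from HijackThis, or from any of the tools whose reports appear above. It parses lines in the HijackThis 1.99 format shown in the first post and classifies a few entry types the way a reviewer would: an orphaned BHO ("(no file)") is removable but by itself says nothing about what registered it, an unnamed BHO needs identifying by CLSID, a Run entry with a bare filename or a rundll32 host needs its real target checked, and AppInit_DLLs entries and services without a publisher name need verifying. The rule names are the example's own; the sample lines are copied from the log in the first post, and the notes are conservative review advice, not verdicts.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Added triage helper for HijackThis 1.99-style logs (example code, not part of
# the thread or of HijackThis). It only classifies entries; it changes nothing.


@dataclass
class Finding:
    section: str   # HijackThis entry type, e.g. "O2"
    rule: str      # which triage rule fired (names are this example's own)
    line: str      # the original log line
    note: str      # what a reviewer should do with it


ENTRY_RE = re.compile(r"^(?P<type>[RFNO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def program_of(cmd: str) -> str:
    """Return the program part of a Run-key command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Classify the O2/O4/O20/O23 entries of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        etype, body = m.group("type"), m.group("body")

        if etype == "O2":
            b = BHO_RE.match(body)
            if b and b.group("path") == "(no file)":
                findings.append(Finding(etype, "orphaned_bho", line,
                    "BHO registration whose DLL is missing: removable, but by "
                    "itself it does not say what registered it"))
            elif b and b.group("name") == "(no name)":
                findings.append(Finding(etype, "unnamed_bho", line,
                    "unnamed BHO: identify it by CLSID and DLL path before acting"))

        elif etype == "O4":
            r = RUN_RE.match(body)
            if not r:
                continue  # Startup-folder entries use a different layout
            prog = program_of(r.group("cmd"))
            if prog.lower().startswith("rundll32"):
                findings.append(Finding(etype, "rundll32_host", line,
                    "rundll32 is only the host: verify the DLL named in its arguments"))
            elif "\\" not in prog:
                findings.append(Finding(etype, "bare_filename", line,
                    "no directory given; resolved through the search path at logon, "
                    "so confirm which file actually runs"))

        elif etype == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(etype, "appinit_dll", line,
                "AppInit_DLLs is loaded into every process that links user32.dll; "
                "confirm the DLL belongs to an installed product"))

        elif etype == "O23":
            s = SVC_RE.match(body)
            if s and s.group("owner") == "Unknown owner":
                findings.append(Finding(etype, "unknown_service_owner", line,
                    "service without a publisher name: verify the binary's origin"))
    return findings


def summary(findings) -> dict:
    """Count findings per rule, e.g. {'orphaned_bho': 1, ...}."""
    return dict(Counter(f.rule for f in findings))


# Sample input: lines copied from the HijackThis log posted in the thread above.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [ZoneAlarm Client] "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
O4 - Startup: SpywareGuard.lnk = C:\\Program Files\\SpywareGuard\\sgmain.exe
O20 - AppInit_DLLs: c:\\PROGRA~1\\Sophos\\SOPHOS~1\\detoured.dll
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\\Program Files\\Sophos\\Sophos Anti-Virus\\SavService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.rule}: {f.line}\n    -> {f.note}")
    print(summary(triage(SAMPLE_LOG)))
```

Run on the sample it flags six of the eleven lines, and the orphaned "(no file)" BHO comes out as exactly what the reply above says: an entry that can be fixed, with no claim about which product left it behind. The Sophos AppInit_DLLs entry and the PnkBstrA service are flagged for verification only; both are known products on this machine, which is why the script reports rather than deletes.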
tamaire (9 posts, Member)
Thanks a lot for your quick reply :)
0
!^^![ME] (4,744 posts, Contributor)
mark it as solved please.
0
tamaire (9 posts, Member)
Yes, I had forgotten, sorry; it's done now.
0