Help!! I need help, please!
crawford2 - Posts: 87 - Status: Member
Lyonnais92 - Posts: 25708 - Status: Security contributor
Hello,
I have a serious problem on my computer that I can't manage to solve. Could you help me? I can't get rid of the virus BDS/IRC.Zapchast.A3
Here is a HijackThis report followed by a report from the Avira AntiVir antivirus:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:54:48, on 01/06/2001
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\UTILISATEUR\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sn/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F622601B-0FB3-4B78-BE90-21963BAF921C} - C:\WINDOWS\System32\xxwtr.dll (file missing)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PepID] C:\WINDOWS\System32\pepid.exe
O4 - HKLM\..\Run: [msennger] C:\Program Files\taskmngr\tasket.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [superproxy] C:\WINDOWS\superproxy.exe
O4 - HKCU\..\Run: [hohohhaha] C:\Program Files\taskmngr\tasket.com
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\register.exe
O4 - Global Startup: DSLMON.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech QuickCam Manager - Unknown owner - C:\WINDOWS\System32\dllcache\mlqm.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\nsch0st.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Windows Terminal Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
End of file - 5554 bytes
There you go,
AntiVir PersonalEdition Classic
Report file date: vendredi 1 juin 2001 15:03
Scanning for 1036370 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: UTILISATEUR
Computer name: ACER-OINPT4WFVC
Version information:
BUILD.DAT : 268 15604 Bytes 31/08/2007 13:04:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:32:42
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 12:32:48
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28/08/2007 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 1 juin 2001 15:03
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '40' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP352\A0279408.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b49a884.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP352\A0279410.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a887.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP352\A0279411.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b49a88a.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP352\A0279412.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a88b.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP352\A0279414.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a88d.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP352\A0279416.dll
[DETECTION] Is the Trojan horse TR/Juan.H
[INFO] The file was moved to '3b49a88f.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP352\A0279417.dll
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b49a890.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP352\A0279422.DLL
[DETECTION] Is the Trojan horse TR/Virtumonde.26730
[INFO] The file was moved to '3b49a892.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP352\A0279425.DLL
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3b49a894.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP316\A0200999.DLL
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8c1.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP316\A0201041.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8c3.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP316\A0201052.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8c5.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP316\A0202052.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8c7.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP317\A0202081.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8ca.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP318\A0202142.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8ce.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP318\A0202155.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8d0.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP323\A0209324.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8d3.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP323\A0212324.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8d5.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP323\A0212342.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8d7.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP327\A0217459.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8db.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP327\A0217460.DLL
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8dd.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP327\A0218464.DLL
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8de.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP335\A0235739.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8e2.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP335\A0236739.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a8e4.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP314\A0191919.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b48a9b3.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP319\A0203184.DLL
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9b7.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP319\A0203196.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9b9.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP321\A0209244.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9bd.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP321\A0209259.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9bf.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP324\A0214364.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9c4.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP324\A0215374.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9c6.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP325\A0216383.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9c8.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP326\A0216413.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9cb.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP328\A0221481.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9cf.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP328\A0222481.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9d1.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP328\A0222491.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9d2.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP328\A0223491.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9d5.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP330\A0225528.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9d8.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP330\A0226528.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9da.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP330\A0227528.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9e0.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP330\A0229552.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9e1.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP331\A0233561.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9e4.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP332\A0233571.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9e5.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP332\A0233580.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3ac46b26.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP332\A0233591.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9e6.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP332\A0233602.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3ac46b27.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP333\A0233627.DLL
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9e8.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP336\A0237765.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b49a9ea.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP346\A0251054.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Vanebot.B Backdoor server programs
[INFO] The file was moved to '3b49a9f3.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279454.exe
[DETECTION] Is the Trojan horse TR/Dldr.Tibs.HH.2
[INFO] The file was moved to '3b49a9fb.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279455.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '3ac46b3c.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279456.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '3b49a9fd.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279459.dll
[DETECTION] Is the Trojan horse TR/PSW.Sinowal.I.9
[INFO] The file was moved to '3b49a9fc.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279460.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3ac46b3d.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279461.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b49a9fe.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279462.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3ac46b3e.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279463.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b49a9ff.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279464.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3ac468c0.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279465.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3ac46b3f.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279466.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b49a980.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279467.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3ac46b41.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279468.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3b49aa01.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279469.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3ac468c2.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279470.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3b49aa03.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279471.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3ac468c4.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279472.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3b49aa00.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279473.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3ac468c1.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279474.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b49aa02.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279475.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b49aa05.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279476.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3ac468c6.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279477.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b49aa07.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279478.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3ac468c8.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP353\A0279479.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3ac468c3.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP354\A0289937.com
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/IRC.Zapchast.A3 Backdoor server programs
[INFO] The file was moved to '3b49aa2d.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP354\A0289938.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Vanebot.B Backdoor server programs
[INFO] The file was moved to '3b49aa2e.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP354\A0289939.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.147456
[INFO] The file was moved to '3ac468ef.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP354\A0289940.exe
[DETECTION] Is the Trojan horse TR/Click.Agen.7168
[INFO] The file was moved to '3b49aa2f.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP354\A0289941.INS
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/IRC.Zapchast.A3 Backdoor server programs
[INFO] The file was moved to '3ac468f0.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP354\A0289942.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.618496.47
[INFO] The file was moved to '3b49aa31.qua'!
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP354\A0289943.INS
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/IRC.Zapchast.A3 Backdoor server programs
[INFO] The file was moved to '3b49aa30.qua'!
C:\VundoFix Backups\atmefeoe.dll.bad
[DETECTION] Is the Trojan horse TR/Spy.VBStat.B.1
[INFO] The file was moved to '3b84aa89.qua'!
C:\VundoFix Backups\bsmnkcco.dll.bad
[DETECTION] Is the Trojan horse TR/Spy.VBStat.B.1
[INFO] The file was moved to '3b84aa88.qua'!
C:\VundoFix Backups\byxyvtt.dll.bad
[DETECTION] Is the Trojan horse TR/Virtumonde.26730
[INFO] The file was moved to '3b8faa8f.qua'!
C:\VundoFix Backups\cokdbeag.dll.bad
[DETECTION] Is the Trojan horse TR/Spy.Agent.132660
[INFO] The file was moved to '3b82aa85.qua'!
C:\VundoFix Backups\dslqdalw.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b83aa8a.qua'!
C:\VundoFix Backups\efcabby.dll.bad
[DETECTION] Is the Trojan horse TR/Virtumonde.26730
[INFO] The file was moved to '3b7aaa7d.qua'!
C:\VundoFix Backups\elujapqi.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b8caa83.qua'!
C:\VundoFix Backups\eumsjvmr.dll.bad
[DETECTION] Is the Trojan horse TR/Spy.VBStat.B.1
[INFO] The file was moved to '3b84aa8d.qua'!
C:\VundoFix Backups\fefraxwq.dll.bad
[DETECTION] Is the Trojan horse TR/Spy.VBStat.B.1
[INFO] The file was moved to '3b7daa7d.qua'!
C:\VundoFix Backups\hjcfdrwg.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b7aaa83.qua'!
C:\VundoFix Backups\ictaqjkg.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b8baa7c.qua'!
C:\VundoFix Backups\idkkevhx.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b82aa7d.qua'!
C:\VundoFix Backups\ifucpyvu.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b8caa80.qua'!
C:\VundoFix Backups\jqdsujwp.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b7baa8b.qua'!
C:\VundoFix Backups\jyahufqk.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b78aa93.qua'!
C:\VundoFix Backups\kmxgrloa.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b8faa88.qua'!
C:\VundoFix Backups\leuxdpum.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3a071d31.qua'!
C:\VundoFix Backups\lfjycdgw.dll.bad
[DETECTION] Is the Trojan horse TR/Juan.E
[INFO] The file was moved to '3b81aa81.qua'!
C:\VundoFix Backups\ncycvmfs.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b90aa7f.qua'!
C:\VundoFix Backups\nniaettu.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b80aa8a.qua'!
C:\VundoFix Backups\qgpdlclu.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b87aa84.qua'!
C:\VundoFix Backups\qrhasdfn.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b7faa8f.qua'!
C:\VundoFix Backups\rfupsnxu.dll.bad
[DETECTION] Is the Trojan horse TR/Spy.VBStat.B.1
[INFO] The file was moved to '3b8caa84.qua'!
C:\VundoFix Backups\rjltidok.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b83aa88.qua'!
C:\VundoFix Backups\rlsqnqwt.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b8aaa8a.qua'!
C:\VundoFix Backups\sieknoyp.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b7caa88.qua'!
C:\VundoFix Backups\unvxqfdr.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b8daa8e.qua'!
C:\VundoFix Backups\uriipasp.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b80aa92.qua'!
C:\VundoFix Backups\wcsbjxko.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b8aaa83.qua'!
C:\VundoFix Backups\wdtyifdg.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b8baa85.qua'!
C:\VundoFix Backups\whtplvpp.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b8baa89.qua'!
C:\VundoFix Backups\xwujmnaa.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '3b8caa98.qua'!
C:\VundoFix Backups\xxwtr.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3b8eaa99.qua'!
C:\VundoFix Backups\ylyedbur.dll.bad
[DETECTION] Is the Trojan horse TR/Juan.H
[INFO] The file was moved to '3b90aa8e.qua'!
C:\VundoFix Backups\ysjfehmv.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '3b81aa95.qua'!
C:\qoobox\Quarantine\C\DOCUME~1\UTILIS~1\APPLIC~1\Microsoft\Internet Explorer\Desktop.htt.vir
[DETECTION] Contains detection pattern of the HTML script virus HTML/Ficticious
[INFO] The file was moved to '3b8aaa88.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dlh9jkd1q2.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '3af06740.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dlh9jkd1q6.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '3b7faa91.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dmmwhgsd.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b84aa90.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jlvwrgfb.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b8daa90.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xfhwhxdf.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b7faa8a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\blscudua.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b8aaa90.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vqbaoebb.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b79aa96.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\lpsnwbmn.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b8aaa95.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mxukhqbh.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b8caa9d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gyimvlhp.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b80aa9f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jmstqsqw.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3b8aaa93.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jaxtgryd.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3b8faa87.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mqmosdnr.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3b84aa98.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\haolmfao.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3b86aa88.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\crchvihr.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3b7aaa99.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ftpdtmah.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b87aa9c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ookrwkop.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b82aa97.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mhfssgtq.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b7daa90.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ntefdwnp.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b7caa9d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\olnlnidp.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b85aa95.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gxqavusr.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b88aaa1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vwvtincj.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b8daaa1.qua'!
C:\qoobox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.Sinowal.I.9
[INFO] The file was moved to '3b84aa8c.qua'!
Begin scan in 'D:\' <ACERDATA>
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: vendredi 1 juin 2001 15:44
Used time: 40:56 min
The scan has been done completely.
4344 Scanning directories
197942 Files were scanned
139 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
139 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
197803 Files not concerned
6114 Archives were scanned
1 Warnings
0 Notes
There you go, thanks in advance... let me know if you can do anything, thanks
[INFO] The file was moved to '3b87aa9c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ookrwkop.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b82aa97.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mhfssgtq.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b7daa90.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ntefdwnp.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b7caa9d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\olnlnidp.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b85aa95.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gxqavusr.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b88aaa1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vwvtincj.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '3b8daaa1.qua'!
C:\qoobox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.Sinowal.I.9
[INFO] The file was moved to '3b84aa8c.qua'!
Begin scan in 'D:\' <ACERDATA>
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: vendredi 1 juin 2001 15:44
Used time: 40:56 min
The scan has been done completely.
4344 Scanning directories
197942 Files were scanned
139 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
139 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
197803 Files not concerned
6114 Archives were scanned
1 Warnings
0 Notes
There you go, thanks in advance... let me know if you can do anything, thanks
2 replies
Hello,
your computer has already been through a disinfection.
Give me the references of the posts concerned.
In fact, your version of Windows is not up to date, and neither is your browser.
You are probably a good example of a zombie computer.
At the end of the disinfection you will have to update Windows, hence my question: is it a legal version?
1) Start by posting a HijackThis log taken in normal mode (if you can).
2) Go to this site:
https://www.virustotal.com/gui/
Click Browse and look for this file: C:\WINDOWS\System32\pepid.exe
Click Send File.
A report will build up line by line.
Wait for it to finish. It must include the size of the file sent.
Save the report with Notepad.
Copy it into your reply.
Do the same again with:
C:\Program Files\taskmngr\tasket.com
C:\WINDOWS\superproxy.exe
C:\WINDOWS\System32\dllcache\mlqm.exe
C:\WINDOWS\System32\dllcache\nsch0st.exe
C:\WINDOWS\System32\msasvc.exe
C:\WINDOWS\system32\spoolvc.exe
3) ========================================
-> Show all files and folders:
click Start / Control Panel (in classic view) / Folder Options / View
[Check] "Show hidden files and folders"
[Uncheck] the box "Hide protected operating system files (Recommended)"
[Uncheck] "Hide extensions for known file types"
Then click [Apply] to confirm the changes.
And [OK]
========================================
-> Run HijackThis again, click "scanner seulement" (or "Do a scan only"),
check the boxes in front of these lines:
O2 - BHO: (no name) - {F622601B-0FB3-4B78-BE90-21963BAF921C} - C:\WINDOWS\System32\xxwtr.dll (file missing)
O4 - HKLM\..\Run: [msennger] C:\Program Files\taskmngr\tasket.com
O4 - HKCU\..\Run: [superproxy] C:\WINDOWS\superproxy.exe
O4 - HKCU\..\Run: [hohohhaha] C:\Program Files\taskmngr\tasket.com
and then close all open windows other than HijackThis, browser included,
then click "Fix checked" (or "fixer objet"). Close HijackThis!
========================================
Stop this service:
Microsoft Agent
to do that, proceed as follows:
Start -> Run, type services.msc, right-click the service named above -> Properties, and under "Startup type" set it to "stopped" and "disabled".
Do the same again with:
Microsoft authenticate service
Windows Terminal Services
=======================================
4) Restart the computer and post a new HijackThis log.
See you
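One way to triage the Avira report above offline, added here as an example that is not part of the original posts: it parses the path / [DETECTION] / [INFO] records and separates hits inside cleanup-tool folders (VundoFix Backups, qoobox\Quarantine) from hits on the live file system. The last sample record, the origin labels and the reading of those two folders as tool leftovers are assumptions made for the illustration.

```python
import re
from collections import Counter

# Two records copied from the report above, then one constructed record
# (clearly fake names) standing in for a hit outside any cleanup-tool folder.
SAMPLE_LOG = r"""C:\VundoFix Backups\xxwtr.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '3b8eaa99.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dmmwhgsd.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.A
[INFO] The file was moved to '3b84aa90.qua'!
C:\WINDOWS\constructed-example.exe
[DETECTION] Is the Trojan horse TR/Constructed.Example
[INFO] The file was moved to '00000000.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")               # a record starts with a path
NAME_RE = re.compile(r"\b([A-Z]+/[\w.\-]+)\s*$")    # e.g. TR/Vundo.Gen
QUA_RE = re.compile(r"'([^']+\.qua)'")
# Assumption: these prefixes are the backup/quarantine folders of earlier
# cleanup tools (VundoFix, ComboFix), so hits there are already-neutralised copies.
TOOL_DIRS = ("c:\\vundofix backups\\", "c:\\qoobox\\quarantine\\")

def parse_records(text):
    """Return one dict per scanned path that carries a [DETECTION] line."""
    records, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if PATH_RE.match(line):
            cur = {"path": line, "detection": None, "moved_to": None}
            records.append(cur)
        elif cur and line.startswith("[DETECTION]"):
            m = NAME_RE.search(line)
            cur["detection"] = m.group(1) if m else line
        elif cur and line.startswith("[INFO]"):
            m = QUA_RE.search(line)
            cur["moved_to"] = m.group(1) if m else None
    return [r for r in records if r["detection"]]

def summarize(text):
    """Count detections by origin (tool leftover vs. live) and by name."""
    by_origin, by_name = Counter(), Counter()
    for rec in parse_records(text):
        leftover = rec["path"].lower().startswith(TOOL_DIRS)
        by_origin["tool leftover" if leftover else "live file system"] += 1
        by_name[rec["detection"]] += 1
    return by_origin, by_name

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run over the full report, a high share of "tool leftover" hits shows how much of the detection count comes from files earlier cleanup passes had already set aside.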