Problèmes depuis virus Trojan

MCosmo -  
QuelBeauPseudo Messages postés 258 Date d'inscription   Statut Membre -
Bonjour. Il y a deux jours , mon virus a été infecté par un Trojan et spywares, après avoir télécharger un fichier (démo d'un jeu, soit disant) Depuis, mon ordinateur ne cesse de partir en vrille. J'ai tout d'abord utilisé mon anti-virus Trojan, qui est apparament arrivé à supprimer le ou les virus. J'ai ensuite utilisé Spybot et Ad-Aware, qui m'indique à présent que mon ordinateur n'est pas infecté.

Seulement, j'ai toujours des problèmes :
- quand je vais sur internet, que je clique sur un lien, ce sont des pages de publicités qui s'affichent, je dois faire retour puis recliquer plusieurs fois, pour voir le vrai site en question
- les 3/4 du temps, au bout de 15 minutes s'affiche le message "explorer.exe a rencontré un problème et doit fermer [...]"
- j'ai des dossiers qui sont apparus et que je n'arrive pas à supprimer (même avec utilisation de TuneUp Utilities), C:\Program Files\Nutttuhv\bgzaauqn.dll , et C:\Program Files\xcfcvmbo\bodmdsno.dll

Voilà, j'espère que le message est clair, je ne suis pas vraiment doué question technique ^^

Merci !
Configuration: Windows XP
Internet Explorer 6.0

10 réponses

  1. MCosmo Messages postés 3 Date d'inscription   Statut Membre
     
    Voici le rapport HIJACKTHIS ;)

    Logfile of HijackThis v1.99.1
    Scan saved at 22:17:05, on 14/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\MESSAG~1\StartMessager.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Logitech\ImageStudio\LowLight.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {64B94229-7967-860A-A0C2-034C02BA876B} - C:\Program Files\Nutttuhv\bgzaauqn.dll
    O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\efcyaxy.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [xcfcvmbo] rundll32.exe "C:\Program Files\xcfcvmbo\bodmdsno.dll",Init
    O4 - HKLM\..\Run: [upchghcr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\upchghcr.dll"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - https://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_v2.1.0.56.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: bw+0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {B8A64775-E8B5-4539-AD7A-1ACE598631C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: efcyaxy - C:\WINDOWS\SYSTEM32\efcyaxy.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    0
  2. QuelBeauPseudo Messages postés 258 Date d'inscription   Statut Membre 32
     
    Bonsoir.
    Pour hijackthis j'ai besoin de temps.

    1)Assure toi que l'option de bouclier resident est enclenché dans spybot

    2)degage avast installe antivir
    https://www.malekal.com/avira-free-security-antivirus-gratuit/
    Fait la mise a jour et le scan.
    Ya aussi le tutorial dans cette page.
    Verifie que l'option d'antivir qui l'empeche d'etre coupée est enclenchée

    3)telecharge avg antispy
    https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/
    Fait la mise a jour et le scan.
    Ya aussi le tutorial dans cette page.

    4)Mur de feu?
    https://www.malekal.com/tutorial-et-guide-counterspy/
    Ya aussi le tutorial dans cette page.

    5)Prends connaissance du contenu le lien suivant:
    http://www.f-secure.com/products/license-terms/eult_fra.pdf
    Tu as donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que tu vas télécharger.
    Maintenant fais un clic droit sur ce lien :
    http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip
    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Fais un clic droit sur navilog1.zip et choisis "tout extraire"
    Ensuite double clique sur navilog1.bat
    Laisses-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2 sans notre avis/accord)
    Patientes jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuies sur une touche comme demandé, le blocnote va s'ouvrir.
    Copies-colles l'intégralité dans une réponse. Refermes le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
    0
  3. QuelBeauPseudo Messages postés 258 Date d'inscription   Statut Membre 32
     
    Je vient de trouver un truc louche lance un scan ici pour confirmation et poste le rapport.
    https://www.kaspersky.fr/downloads
    Oulala, bon pas de panique... Je croit qu'il ya du boulot.
    Fait bien toutes les mises a jours des antispy et les scans aussi pour antivir.
    Ensuite poste un nouveau rapport d'HyjackThis avec celui de kaspersky je repasse apres et aussi biensur le navilog/blacklight.
    Ne t'inquiete, sa va aller.
    0
  4. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonsoir,

    je m'excuse d'intervenir, mais vundofix serait peut être approprié

    * Télécharge VundoFix.exe (par Atribune) sur ton Bureau

    http://www.atribune.org/ccount/click.php?id=4

    * Double-clique VundoFix.exe afin de le lancer

    * Clique sur le bouton Scan for Vundo

    * Lorsque le scan est complété, clique sur le bouton Remove Vundo

    * Une invite te demandera si tu veux supprimer les fichiers, clique YES

    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. MCosmo Messages postés 3 Date d'inscription   Statut Membre
     
    Je vais essayer tout ça et vous tenir au courant, merci pour ces réponses, car je suis assez dépassée.
    QuelBeauPseudo : tu entends quoi par "navilog/blacklight" , c'est un peu du chinois pour moi =/

    Merci !
    0
  7. QuelBeauPseudo Messages postés 258 Date d'inscription   Statut Membre 32
     
    navilog/blacklight c'est les rapports que tu obtient par l'utilisation de navifix.
    "philae83" est sans doute competent laisse tranquille navifix et lance plutot vundo comme il dit
    (moi j'ai pas encore une habitude eprouvée, "philae83" si)
    J'ai trouvé 2 lignes tres suspectes mais il devrait probablement avoir du ménage avec antivir et avg antispy, c'est pour sa que je n'est pas analysé la totalité du rapport hyjackthis. Il en faudrat un nouveau apres les manips pour voir se qui persiste.
    0
  8. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    "philae83" est sans doute competent laisse tranquille navifix et lance plutot vundo comme il dit


    je suis elle :) lol

    ceci dit, tu verras après le passage de vundo, ce que ça donne
    0
  9. MCosmo
     
    J'ai commencé avec VundoFix, voici le rapport :

    VundoFix V6.5.8

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 11:42:22 15/09/2007

    Listing files found while scanning....

    C:\windows\system32\drvmetr.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\drvmetr.dll
    C:\windows\system32\drvmetr.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    0
  10. MCosmo
     
    Rapport Antivir

    AntiVir PersonalEdition Classic
    Report file date: samedi 15 septembre 2007 11:58

    Scanning for 1070955 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: PERSO-5157E8835

    Version information:
    BUILD.DAT : 268 15604 Bytes 31/08/2007 13:04:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 11:32:40
    ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 11:32:46
    ANTIVIR2.VDF : 6.39.1.120 1918464 Bytes 12/09/2007 21:36:04
    ANTIVIR3.VDF : 6.39.1.133 109568 Bytes 14/09/2007 21:36:04
    AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 16:09:10
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: G:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 15 septembre 2007 11:58

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'Watch.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
    Scan process 'ComComp.exe' - '1' Module(s) have been scanned
    Scan process 'dslmon.exe' - '1' Module(s) have been scanned
    Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'LowLight.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'LVComS.exe' - '1' Module(s) have been scanned
    Scan process 'StartMessager.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    47 processes with 47 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'G:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\system32\efcyaxy.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\efcyaxy.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen

    The registry was scanned ( '43' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Caroline\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-42db2dea-68e3a961.zip
    [0] Archive type: ZIP
    --> BnnnnBaa.class
    [DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
    --> VaannnaaBaa.class
    [DETECTION] Is the Trojan horse TR/ClassLoader
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\System Volume Information\_restore{DE8E013D-DB8D-44E7-B9E4-B9FDBCA37222}\RP625\A0249637.exe
    [0] Archive type: ZIP SFX (self extracting)
    --> resource.0000.pkg
    [1] Archive type: ZIP
    --> RPCInstall_US.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    --> RPCInstall_INTL.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    --> ShopperReports.exe
    [DETECTION] Contains detection pattern of the dropper DR/Shopper.K.13
    --> osfreez118.exe
    [DETECTION] Contains detection pattern of the dropper DR/OneStep.A
    [INFO] The file was moved to '471dbe29.qua'!
    C:\System Volume Information\_restore{DE8E013D-DB8D-44E7-B9E4-B9FDBCA37222}\RP647\A0252772.dll
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was moved to '471dbe50.qua'!
    C:\System Volume Information\_restore{DE8E013D-DB8D-44E7-B9E4-B9FDBCA37222}\RP647\A0252775.exe
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '471dbe52.qua'!
    C:\System Volume Information\_restore{DE8E013D-DB8D-44E7-B9E4-B9FDBCA37222}\RP647\A0252776.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '471dbe54.qua'!
    C:\System Volume Information\_restore{DE8E013D-DB8D-44E7-B9E4-B9FDBCA37222}\RP647\A0253572.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.11776
    [INFO] The file was moved to '471dbe57.qua'!
    C:\System Volume Information\_restore{DE8E013D-DB8D-44E7-B9E4-B9FDBCA37222}\RP647\A0253595.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Nonaco.A.2
    [INFO] The file was moved to '471dbe59.qua'!
    C:\System Volume Information\_restore{DE8E013D-DB8D-44E7-B9E4-B9FDBCA37222}\RP647\A0253596.exe
    [DETECTION] Is the Trojan horse TR/Dldr.PurityScan.EG.8
    [INFO] The file was moved to '471dbe5b.qua'!
    C:\System Volume Information\_restore{DE8E013D-DB8D-44E7-B9E4-B9FDBCA37222}\RP647\A0253604.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
    [INFO] The file was moved to '471dbe5f.qua'!
    C:\System Volume Information\_restore{DE8E013D-DB8D-44E7-B9E4-B9FDBCA37222}\RP648\A0253631.dll
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was moved to '471dbe61.qua'!
    C:\System Volume Information\_restore{DE8E013D-DB8D-44E7-B9E4-B9FDBCA37222}\RP658\A0256558.exe
    [DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
    [INFO] The file was moved to '471dbe8e.qua'!
    C:\WINDOWS\system32\efcyaxy.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\pmnkifd.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4759c3ef.qua'!
    C:\WINDOWS\system32\wvusrrr.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4760c410.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'G:\' <Sauvegarde>

    End of the scan: samedi 15 septembre 2007 13:39
    Used time: 1:41:26 min

    The scan has been done completely.

    8053 Scanning directories
    218857 Files were scanned
    16 viruses and/or unwanted programs were found
    3 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    12 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    218841 Files not concerned
    1244 Archives were scanned
    6 Warnings
    0 Notes
    0
  11. QuelBeauPseudo Messages postés 258 Date d'inscription   Statut Membre 32
     
    Bonjour.
    Dans antivir il y a une option pour la recherche de "rootkits" enclenche la.
    Va dans c/programs files/java et suprime le dossier java 1.5.0.3 normalement tu en a un autre qui s'appelle java 1.6.0 (tu le garde celui si), si (on sait jamais) java 1.6.0 n'est pas present n'efface pas java 1.5.0.3
    Bon vundo et antivir on fait du ménage mais 3 fichiers n'ont pas put etre scanné et une saloperie a ete detectée mais n'a pas put etre effacée car non trouvée, je croit que sa sent le rootkit.

    Donc refait un scan avec antivir (l'option antirootkit enclenchée cette fois si).
    Lance les scans de "F-secure blacklight" et de "Panda anti rootkits" que tu trouvera tous deux ici:
    securite

    Deja 12 trojan mis en quarantaine... Sacrée demo de jeu... Le but de jeu est de desinfecter le pc...
    0