Virus Win 32 conhok
matb65
-
matb65 -
matb65 -
Bonjour,
Cela fait plusieurs jours que mon ordi est infecté par le virus Win 32(Win 32 Conhook et Trojan downloader.conhook ak)après un recovry de mon ordi à sa config d'origine.
J'ais essayer plusieurs antivirus(avast, avg, bitdefender)mais rien y fait. a cuse du virus mon ordi rame et des que je connecte au web avast detecte le cheval de troie qui m'ouvre des pages
vers des soi disant antispyware qui contiennent plein de virus.
Pourriez vous m'aider à m'en débarasser.
Voila les differents rapport:
------- HijackThis v2.0.2
Scan saved at 19:25:47, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [Windows update 55] zdqbucvsvb.exe
O4 - HKLM\..\Run: [Server Daemon Host Manager] C:\WINDOWS\System32\inetsrv\sdhost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gnvbuimp.dll",sitypnow
O4 - HKLM\..\RunServices: [Windows update 55] zdqbucvsvb.exe
O4 - HKLM\..\RunServices: [Server Daemon Host Manager] C:\WINDOWS\System32\inetsrv\sdhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: c:\windows\system32\awvvsrq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Mat\Application Data\tmp9.tmp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 5177 bytes
--------------------------
BitDefender Online Scanner
Scan report generated at: Sun, Oct 21, 2007 - 20:41:11
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;
Statistics
Time
01:13:24
Files
172504
Folders
3571
Boot Sectors
4
Archives
6776
Packed Files
9268
Results
Identified Viruses
5
Infected Files
17
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
15
Engines Info
Virus Definitions
856860
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
14
Archive plugins
38
Unpack plugins
7
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\0D2FGT67\gepj[1]
Infected with: Trojan.Vundo.DNR
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\0D2FGT67\gepj[1]
Disinfection failed
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\0D2FGT67\gepj[1]
Deleted
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\ODE3S56V\valera[1]
Infected with: Trojan.Fotomoto.E
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\ODE3S56V\valera[1]
Disinfection failed
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\ODE3S56V\valera[1]
Deleted
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\W9MBCD2F\gepj[1]
Infected with: Trojan.Vundo.DNR
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\W9MBCD2F\gepj[1]
Disinfection failed
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\W9MBCD2F\gepj[1]
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008504.exe
Infected with: Backdoor.Irc.Sdbot.KC
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008504.exe
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008504.exe
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008505.exe
Infected with: Backdoor.Irc.Sdbot.KC
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008505.exe
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008505.exe
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008506.dll
Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008506.dll
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008506.dll
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008507.dll
Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008507.dll
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008507.dll
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008809.exe
Infected with: MemScan:Trojan.Fotomoto.A
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008809.exe
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008809.exe
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008856.dll
Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008856.dll
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008856.dll
Deleted
C:\WINDOWS\system32\aiihjewn.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\aiihjewn.dll
Disinfection failed
C:\WINDOWS\system32\aiihjewn.dll
Deleted
C:\WINDOWS\system32\gnvbuimp.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\gnvbuimp.dll
Disinfection failed
C:\WINDOWS\system32\gnvbuimp.dll
Deleted
C:\WINDOWS\system32\lftif11n.dll
Clean
C:\WINDOWS\system32\lfwfx11n.dll
Clean
C:\WINDOWS\system32\licdll.dll
Clean
C:\WINDOWS\system32\licmgr10.dll
Clean
C:\WINDOWS\system32\licwmi.dll
Clean
C:\WINDOWS\system32\lights.exe
Clean
C:\WINDOWS\system32\linkinfo.dll
Clean
C:\WINDOWS\system32\ljjihij.dll
Clean
C:\WINDOWS\system32\lmhsvc.dll
Clean
C:\WINDOWS\system32\lmrt.dll
Clean
C:\WINDOWS\system32\LMRTREND.dll
Clean
C:\WINDOWS\system32\lnkstub.exe
Clean
C:\WINDOWS\system32\loadfix.com
Clean
C:\WINDOWS\system32\loadperf.dll
Clean
C:\WINDOWS\system32\locale.nls
Clean
C:\WINDOWS\system32\localsec.dll
Clean
C:\WINDOWS\system32\localspl.dll
Clean
C:\WINDOWS\system32\localui.dll
Clean
C:\WINDOWS\system32\locator.exe
Clean
C:\WINDOWS\system32\lodctr.exe
Clean
C:\WINDOWS\system32\logagent.exe
Clean
C:\WINDOWS\system32\loghours.dll
Clean
C:\WINDOWS\system32\logman.exe
Clean
C:\WINDOWS\system32\logoff.exe
Clean
C:\WINDOWS\system32\logon.scr
Clean
C:\WINDOWS\system32\logonui.exe
Clean
C:\WINDOWS\system32\lpk.dll
Clean
C:\WINDOWS\system32\lpq.exe
Clean
C:\WINDOWS\system32\lpr.exe
Clean
C:\WINDOWS\system32\lprhelp.dll
Clean
C:\WINDOWS\system32\lprmonui.dll
Clean
C:\WINDOWS\system32\lsasrv.dll
Clean
C:\WINDOWS\system32\lsass.exe
Clean
C:\WINDOWS\system32\lsdelete.exe
Clean
C:\WINDOWS\system32\LTDIS11n.dll
Clean
C:\WINDOWS\system32\ltefx11n.dll
Clean
C:\WINDOWS\system32\ltfil11n.DLL
Clean
C:\WINDOWS\system32\ltimg11n.dll
Clean
C:\WINDOWS\system32\mfghvtka.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\mfghvtka.dll
Disinfection failed
C:\WINDOWS\system32\mfghvtka.dll
Deleted
C:\WINDOWS\system32\noykrecp.exe
Infected with: Trojan.Fotomoto.E
C:\WINDOWS\system32\noykrecp.exe
Disinfection failed
C:\WINDOWS\system32\noykrecp.exe
Deleted
C:\WINDOWS\system32\pmnnk.dll
Infected with: Generic.Virtumod.85C9DE5C
C:\WINDOWS\system32\pmnnk.dll
Disinfection failed
C:\WINDOWS\system32\pmnnk.dll
Delete failed
C:\WINDOWS\system32\tsylwynq.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\tsylwynq.dll
Disinfection failed
C:\WINDOWS\system32\tsylwynq.dll
Deleted
C:\WINDOWS\system32\wpvgojgb.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\wpvgojgb.dll
Disinfection failed
C:\WINDOWS\system32\wpvgojgb.dll
Delete failed
C:\WINDOWS\system32\xtdvdbtv.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\xtdvdbtv.dll
Disinfection failed
C:\WINDOWS\system32\xtdvdbtv.dll
Deleted
------------------------
--------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 21:27:53 21/10/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008799.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008800.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008801.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008802.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008803.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008804.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008805.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008806.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008807.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008808.exe -> Dropper.Small : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
Fin du rapport
Merci pour votre aide.
Cela fait plusieurs jours que mon ordi est infecté par le virus Win 32(Win 32 Conhook et Trojan downloader.conhook ak)après un recovry de mon ordi à sa config d'origine.
J'ais essayer plusieurs antivirus(avast, avg, bitdefender)mais rien y fait. a cuse du virus mon ordi rame et des que je connecte au web avast detecte le cheval de troie qui m'ouvre des pages
vers des soi disant antispyware qui contiennent plein de virus.
Pourriez vous m'aider à m'en débarasser.
Voila les differents rapport:
------- HijackThis v2.0.2
Scan saved at 19:25:47, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [Windows update 55] zdqbucvsvb.exe
O4 - HKLM\..\Run: [Server Daemon Host Manager] C:\WINDOWS\System32\inetsrv\sdhost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gnvbuimp.dll",sitypnow
O4 - HKLM\..\RunServices: [Windows update 55] zdqbucvsvb.exe
O4 - HKLM\..\RunServices: [Server Daemon Host Manager] C:\WINDOWS\System32\inetsrv\sdhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: c:\windows\system32\awvvsrq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Mat\Application Data\tmp9.tmp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 5177 bytes
--------------------------
BitDefender Online Scanner
Scan report generated at: Sun, Oct 21, 2007 - 20:41:11
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;
Statistics
Time
01:13:24
Files
172504
Folders
3571
Boot Sectors
4
Archives
6776
Packed Files
9268
Results
Identified Viruses
5
Infected Files
17
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
15
Engines Info
Virus Definitions
856860
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
14
Archive plugins
38
Unpack plugins
7
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\0D2FGT67\gepj[1]
Infected with: Trojan.Vundo.DNR
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\0D2FGT67\gepj[1]
Disinfection failed
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\0D2FGT67\gepj[1]
Deleted
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\ODE3S56V\valera[1]
Infected with: Trojan.Fotomoto.E
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\ODE3S56V\valera[1]
Disinfection failed
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\ODE3S56V\valera[1]
Deleted
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\W9MBCD2F\gepj[1]
Infected with: Trojan.Vundo.DNR
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\W9MBCD2F\gepj[1]
Disinfection failed
C:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\W9MBCD2F\gepj[1]
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008504.exe
Infected with: Backdoor.Irc.Sdbot.KC
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008504.exe
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008504.exe
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008505.exe
Infected with: Backdoor.Irc.Sdbot.KC
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008505.exe
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008505.exe
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008506.dll
Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008506.dll
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008506.dll
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008507.dll
Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008507.dll
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP105\A0008507.dll
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008809.exe
Infected with: MemScan:Trojan.Fotomoto.A
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008809.exe
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008809.exe
Deleted
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008856.dll
Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008856.dll
Disinfection failed
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008856.dll
Deleted
C:\WINDOWS\system32\aiihjewn.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\aiihjewn.dll
Disinfection failed
C:\WINDOWS\system32\aiihjewn.dll
Deleted
C:\WINDOWS\system32\gnvbuimp.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\gnvbuimp.dll
Disinfection failed
C:\WINDOWS\system32\gnvbuimp.dll
Deleted
C:\WINDOWS\system32\lftif11n.dll
Clean
C:\WINDOWS\system32\lfwfx11n.dll
Clean
C:\WINDOWS\system32\licdll.dll
Clean
C:\WINDOWS\system32\licmgr10.dll
Clean
C:\WINDOWS\system32\licwmi.dll
Clean
C:\WINDOWS\system32\lights.exe
Clean
C:\WINDOWS\system32\linkinfo.dll
Clean
C:\WINDOWS\system32\ljjihij.dll
Clean
C:\WINDOWS\system32\lmhsvc.dll
Clean
C:\WINDOWS\system32\lmrt.dll
Clean
C:\WINDOWS\system32\LMRTREND.dll
Clean
C:\WINDOWS\system32\lnkstub.exe
Clean
C:\WINDOWS\system32\loadfix.com
Clean
C:\WINDOWS\system32\loadperf.dll
Clean
C:\WINDOWS\system32\locale.nls
Clean
C:\WINDOWS\system32\localsec.dll
Clean
C:\WINDOWS\system32\localspl.dll
Clean
C:\WINDOWS\system32\localui.dll
Clean
C:\WINDOWS\system32\locator.exe
Clean
C:\WINDOWS\system32\lodctr.exe
Clean
C:\WINDOWS\system32\logagent.exe
Clean
C:\WINDOWS\system32\loghours.dll
Clean
C:\WINDOWS\system32\logman.exe
Clean
C:\WINDOWS\system32\logoff.exe
Clean
C:\WINDOWS\system32\logon.scr
Clean
C:\WINDOWS\system32\logonui.exe
Clean
C:\WINDOWS\system32\lpk.dll
Clean
C:\WINDOWS\system32\lpq.exe
Clean
C:\WINDOWS\system32\lpr.exe
Clean
C:\WINDOWS\system32\lprhelp.dll
Clean
C:\WINDOWS\system32\lprmonui.dll
Clean
C:\WINDOWS\system32\lsasrv.dll
Clean
C:\WINDOWS\system32\lsass.exe
Clean
C:\WINDOWS\system32\lsdelete.exe
Clean
C:\WINDOWS\system32\LTDIS11n.dll
Clean
C:\WINDOWS\system32\ltefx11n.dll
Clean
C:\WINDOWS\system32\ltfil11n.DLL
Clean
C:\WINDOWS\system32\ltimg11n.dll
Clean
C:\WINDOWS\system32\mfghvtka.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\mfghvtka.dll
Disinfection failed
C:\WINDOWS\system32\mfghvtka.dll
Deleted
C:\WINDOWS\system32\noykrecp.exe
Infected with: Trojan.Fotomoto.E
C:\WINDOWS\system32\noykrecp.exe
Disinfection failed
C:\WINDOWS\system32\noykrecp.exe
Deleted
C:\WINDOWS\system32\pmnnk.dll
Infected with: Generic.Virtumod.85C9DE5C
C:\WINDOWS\system32\pmnnk.dll
Disinfection failed
C:\WINDOWS\system32\pmnnk.dll
Delete failed
C:\WINDOWS\system32\tsylwynq.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\tsylwynq.dll
Disinfection failed
C:\WINDOWS\system32\tsylwynq.dll
Deleted
C:\WINDOWS\system32\wpvgojgb.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\wpvgojgb.dll
Disinfection failed
C:\WINDOWS\system32\wpvgojgb.dll
Delete failed
C:\WINDOWS\system32\xtdvdbtv.dll
Infected with: Trojan.Vundo.DNR
C:\WINDOWS\system32\xtdvdbtv.dll
Disinfection failed
C:\WINDOWS\system32\xtdvdbtv.dll
Deleted
------------------------
--------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 21:27:53 21/10/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008799.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008800.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008801.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008802.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008803.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008804.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008805.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008806.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008807.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP106\A0008808.exe -> Dropper.Small : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
C:\Documents and Settings\Mat\Cookies\mat@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
Fin du rapport
Merci pour votre aide.
Configuration: Windows XP Internet Explorer 6.0
A voir également:
- Virus Win 32 conhok
- Cle win 8.1 - Guide
- 32 bits - Guide
- Power iso 32 bit - Télécharger - Gravure
- Win rar - Télécharger - Compression & Décompression
- Virus mcafee - Accueil - Piratage
2 réponses
Salut,
coche et fait fix checked :
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [Windows update 55] zdqbucvsvb.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gnvbuimp.dll",sitypnow
O4 - HKLM\..\RunServices: [Windows update 55] zdqbucvsvb.exe
O20 - AppInit_DLLs: c:\windows\system32\awvvsrq.dll
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Mat\Application Data\tmp9.tmp.exe (file missing)
Redemarre et supprime ( des fichiers peuvente etre caché pour ca : outils-option-affichage puis afficher les dossiers et fichiers cachés.) :
C:\WINDOWS\System32\csrs.exe
C:\WINDOWS\system32\gnvbuimp.dll
c:\windows\system32\awvvsrq.dll
recherche : zdqbucvsvb.exe
désactive la restauration systeme : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924
connecte toi sur :
https://www.eset.com/
ensuite : Scanner en ligne.
Coche la case et puis clique sur start.
Accepte l'active X
Coche les 2 options du scan et fait un scan complet.
coche et fait fix checked :
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [Windows update 55] zdqbucvsvb.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gnvbuimp.dll",sitypnow
O4 - HKLM\..\RunServices: [Windows update 55] zdqbucvsvb.exe
O20 - AppInit_DLLs: c:\windows\system32\awvvsrq.dll
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Mat\Application Data\tmp9.tmp.exe (file missing)
Redemarre et supprime ( des fichiers peuvente etre caché pour ca : outils-option-affichage puis afficher les dossiers et fichiers cachés.) :
C:\WINDOWS\System32\csrs.exe
C:\WINDOWS\system32\gnvbuimp.dll
c:\windows\system32\awvvsrq.dll
recherche : zdqbucvsvb.exe
désactive la restauration systeme : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924
connecte toi sur :
https://www.eset.com/
ensuite : Scanner en ligne.
Coche la case et puis clique sur start.
Accepte l'active X
Coche les 2 options du scan et fait un scan complet.
Tout d'abord merci pour ta réponse.
j'ais juste une petite question:
Qu'entend tu part "coche et fixe checked". Je ne suis pas tres fort en informatique et je sias pas ce que c'est.
Merci