Problem with Win32:Sramler-J [Trj]

Solved
jojo_67 Posts 35 Status Member -  
green day Posts 26374 Registration date   Status Moderator, Security contributor Last activity   -
Hello everyone,
I have a problem with Win32:Sramler-J [Trj]: it appears every time I connect to the internet or every time I open a Google page. Who could help me, please?
Configuration: Windows XP
Internet Explorer 6.0

41 replies

Discussion summary

The thread describes a recurring detection of Win32:Sramler-J [Trj] when connecting to the Internet or opening pages, on Windows XP with Internet Explorer 6, pointing to a malware problem. Several replies suggest detection and removal tools, notably VundoFix for Vundo variants, HijackThis to analyse startup entries and ComboFix to clean up traces. When in doubt, online scans (BitDefender Online Scanner) and recommendations such as cleaning the registry with CCleaner and reinstalling the affected programs come up frequently. Finally, some sources indicate that rebooting and checking autorun entries or temporary files may be necessary to ensure complete removal.

Automatically generated by AI
based on the best answers
  1. green day Posts 26374 Registration date   Status Moderator, Security contributor Last activity   2 166
     
    Hi

    Download this:

    Link: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm

    Choose the "do a scan and a logfile" option, then copy and paste the resulting report into the forum.

    ++
    0
  2. jojo_67 Posts 35 Status Member
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:28:53, on 08/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\wpssvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Logical Driver] wpssvc.exe
    O4 - HKLM\..\Run: [b4c641dc] rundll32.exe "C:\WINDOWS\system32\ylxvxvpa.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5CB2E7-738F-4753-A455-BCA34FDE39FD}: NameServer = 86.64.145.148 84.103.237.148
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
  3. green day Posts 26374 Registration date   Status Moderator, Security contributor Last activity   2 166
     
    OK, right-click hijackthis.exe > Rename and name it CCM.exe

    then post a new report, please

    ++
    0
  4. jojo_67 Posts 35 Status Member
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:52:29, on 08/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\wpssvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Steam\Steam.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Logical Driver] wpssvc.exe
    O4 - HKLM\..\Run: [b4c641dc] rundll32.exe "C:\WINDOWS\system32\ylxvxvpa.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5CB2E7-738F-4753-A455-BCA34FDE39FD}: NameServer = 86.64.145.146 84.103.237.146
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
  6. green day Posts 26374 Registration date   Status Moderator, Security contributor Last activity   2 166
     
    It won't rename?! :/

    Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Start in safe mode
    * Double-click combofix.exe.
    * Press the Y (Yes) key to start the scan
    * The report will be created in C:\Combofix.txt; please post it

    ++

    0
  7. jojo_67 Posts 35 Status Member
     
    Is this the one???

    ComboFix 07-12-08.1 - cueff 2007-12-08 15:31:03.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.195 [GMT 1:00]
    Running from: C:\Documents and Settings\cueff\Mes documents\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-08 14:11 . 2006-06-22 17:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2007-12-08 14:11 . 2006-06-22 17:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-12-08 14:11 . 2006-06-22 15:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2007-12-08 14:11 . 2006-06-22 17:47 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-12-08 10:47 . 2007-12-08 10:47 107 --a------ C:\WINDOWS\wininit.ini
    2007-12-08 10:09 . 2007-12-08 15:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-06 19:49 . 2007-12-08 09:29 831,777 ---hs---- C:\WINDOWS\system32\upagwauu.ini
    2007-12-04 15:57 . 2007-12-04 15:58 2,298 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-04 15:56 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-12-04 15:56 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-12-04 15:56 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-12-04 15:56 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-12-04 15:56 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-03 20:30 . 2007-12-04 13:09 354 ---hs---- C:\WINDOWS\system32\dsmxjxwr.ini
    2007-12-02 20:24 . 2007-12-03 19:09 794,291 ---hs---- C:\WINDOWS\system32\upquncxh.ini
    2007-12-01 20:21 . 2007-12-02 20:21 793,844 ---hs---- C:\WINDOWS\system32\csaqxmdr.ini
    2007-11-30 20:18 . 2007-12-01 18:03 794,684 ---hs---- C:\WINDOWS\system32\kcpjcqka.ini
    2007-11-29 20:16 . 2007-11-30 20:17 835,017 ---hs---- C:\WINDOWS\system32\rhyyrbrb.ini
    2007-11-29 18:38 . 2007-11-29 18:38 <REP> d-------- C:\Program Files\Realtek Sound Manager
    2007-11-29 18:37 . 2007-11-29 18:37 <REP> d-------- C:\Program Files\Realtek AC97
    2007-11-29 18:37 . 2007-11-29 18:37 <REP> d-------- C:\Program Files\AvRack
    2007-11-28 20:16 . 2007-11-29 18:41 790,054 ---hs---- C:\WINDOWS\system32\ywbjbcuy.ini
    2007-11-27 18:29 . 2007-11-29 17:44 <REP> d-------- C:\VundoFix Backups
    2007-11-27 17:05 . 2007-11-28 17:05 784,546 ---hs---- C:\WINDOWS\system32\yxcunwux.ini
    2007-11-25 22:07 . 2007-11-25 16:24 10,752 -r-hs---- C:\WINDOWS\system32\wpssvc.exe
    2007-11-21 15:06 . 2007-11-21 15:06 <REP> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
    2007-11-21 15:06 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-11-21 15:05 . 2006-03-21 15:49 2,729,472 --a------ C:\WINDOWS\system32\fun_avcodec.dll
    2007-11-21 15:05 . 2006-04-18 16:32 684,032 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll
    2007-11-21 15:05 . 2006-04-11 16:49 671,744 --a------ C:\WINDOWS\system32\FunDecFilter.ax
    2007-11-21 15:05 . 2006-04-11 13:13 532,480 --a------ C:\WINDOWS\system32\FunEncFilter.ax
    2007-11-21 15:05 . 2006-04-06 11:28 77,824 --a------ C:\WINDOWS\system32\fun_mp4_dec.dll
    2007-11-21 15:01 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Sample.ico
    2007-11-21 14:57 . 2007-11-21 14:57 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2007-11-21 14:57 . 2007-11-21 14:57 <REP> d-------- C:\Program Files\Samsung
    2007-11-21 14:57 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2007-11-21 14:57 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2007-11-21 14:57 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
    2007-11-21 14:57 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2007-11-21 14:57 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2007-11-21 14:57 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2007-11-21 14:57 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2007-11-21 14:57 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2007-11-10 10:43 . 2007-09-06 12:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-11-10 10:42 . 2007-09-06 12:09 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-11-10 10:42 . 2007-09-06 12:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-11-10 10:42 . 2007-09-06 12:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-11-10 10:42 . 2007-09-06 12:05 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-11-10 10:42 . 2007-09-06 12:02 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-11-10 10:42 . 2007-09-06 12:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-08 14:27 --------- d-----w C:\Program Files\Steam
    2007-12-08 12:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-08 11:11 --------- d-----w C:\Program Files\eMule
    2007-12-08 09:47 --------- d-----w C:\Program Files\CasinoOnNet
    2007-12-01 08:32 --------- d-----w C:\Program Files\Google
    2007-11-29 16:33 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-03 11:16 --------- d-----w C:\Program Files\DivX
    2007-10-27 07:35 --------- d-----w C:\Program Files\Java
    2007-10-20 10:01 --------- d-----w C:\Program Files\Trend Micro
    2007-10-17 17:47 --------- d-----w C:\Program Files\Windows Media Connect 2
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-08_15.14.11.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-08 14:26:24 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_598.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-25 13:21]
    "Steam"="c:\program files\steam\steam.exe" [2007-11-30 18:20]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 C:\WINDOWS\SOUNDMAN.EXE]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "Windows Logical Driver"="wpssvc.exe" [2007-11-25 16:24 C:\WINDOWS\system32\wpssvc.exe]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

    R2 SetupNT;SetupNT;C:\WINDOWS\system32\SetupNT.sys
    S3 AIDA32Driver;AIDA32Driver;\??\C:\Program Files\AIDA32 - Personal System Information\aida32.sys
    S3 gel90xne;gel90xne;\??\C:\DOCUME~1\cueff\LOCALS~1\Temp\gel90xne.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-10-20 10:23:27 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1152785938.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\DOCUME~1\cueff\LOCALS~1\Temp\epguqesb.dll
    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-08 15:32:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-08 15:33:36
    C:\ComboFix2.txt ... 2007-12-08 15:15
    .
    --- E O F ---
    0
  8. green day Posts 26374 Registration date   Status Moderator, Security contributor Last activity   2 166
     
    Yes, that's the one, quite a few nasties ...

    Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4

    * Double-click VundoFix.exe to launch it.
    * Click the Scan for Vundo button.
    * When the scan is complete, click the Remove Vundo button.
    * A prompt will ask whether you want to delete the files; click YES
    * After you click "YES", the Desktop will disappear for a moment while the files are deleted.
    * A new prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
    * The report is located in C:\vundofix.txt; please post it

    ++
    0
  9. jojo_67 Posts 35 Status Member
     
    When VundoFix has finished its scan it shows me
    "done searching for files"; I click "ok", I have no choice, there is only "ok", and after I click it shows me "done searching for files. No infected file were found" and then VundoFix closes and nothing happens.
    I don't know whether that's a good sign or not??
    0
  10. jojo_67 Posts 35 Status Member
     
    Here is the VundoFix report, at least I think so =)

    VundoFix V6.6.2

    Checking Java version...

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 18:29:05 27/11/2007

    Listing files found while scanning....

    C:\windows\system32\elqagupc.dll
    C:\WINDOWS\system32\itvezqxc.dll
    C:\windows\system32\itvezqxc.dllbox

    Beginning removal...

    Attempting to delete C:\windows\system32\elqagupc.dll
    C:\windows\system32\elqagupc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\itvezqxc.dll
    C:\WINDOWS\system32\itvezqxc.dll Has been deleted!

    Attempting to delete C:\windows\system32\itvezqxc.dllbox
    C:\windows\system32\itvezqxc.dllbox Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.6.2

    Checking Java version...

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 17:38:24 29/11/2007

    Listing files found while scanning....

    C:\windows\system32\wfumrhlu.dll
    C:\WINDOWS\system32\zozycipa.dll
    C:\windows\system32\zozycipa.dllbox

    Beginning removal...

    Attempting to delete C:\windows\system32\wfumrhlu.dll
    C:\windows\system32\wfumrhlu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\zozycipa.dll
    C:\WINDOWS\system32\zozycipa.dll Has been deleted!

    Attempting to delete C:\windows\system32\zozycipa.dllbox
    C:\windows\system32\zozycipa.dllbox Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.0

    Checking Java version...

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 16:05:23 08/12/2007

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...

    VundoFix V6.7.0

    Checking Java version...

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 16:25:48 08/12/2007

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...
    0
  11. green day Posts 26374 Registration date   Status Moderator, Security contributor Last activity   2 166
     
    Very good

    Post a new HijackThis log, please

    ++
    0
  12. jojo_67 Posts 35 Status Member
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:08:34, on 08/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\wpssvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Steam\Steam.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Logical Driver] wpssvc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5CB2E7-738F-4753-A455-BCA34FDE39FD}: NameServer = 84.103.237.143 86.64.145.143
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
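To compare the HijackThis logs posted before and after the ComboFix and VundoFix runs, the O-entries can be parsed and diffed. The following is an added example, not part of the thread or of any tool used in it: the log lines are excerpted from the first and third logs above, while the function names and the review heuristics are assumptions of this example and flag entries for a human to check, not verdicts.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")

# Excerpts from the first (BEFORE) and third (AFTER) HijackThis logs in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Logical Driver] wpssvc.exe
O4 - HKLM\..\Run: [b4c641dc] rundll32.exe "C:\WINDOWS\system32\ylxvxvpa.dll",b
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5CB2E7-738F-4753-A455-BCA34FDE39FD}: NameServer = 86.64.145.148 84.103.237.148
"""

AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Logical Driver] wpssvc.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5CB2E7-738F-4753-A455-BCA34FDE39FD}: NameServer = 84.103.237.143 86.64.145.143
"""

# "O4 - ...", "O23 - ...", "R1 - ...", "F2 - ...": section code, dash, free text.
ENTRY_RE = re.compile(r"^\s*([ORF]\d{1,2})\s+-\s+(.*\S)\s*$")
# Registry autostart values: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|com|bat|scr))\b', re.I)


def parse_hijackthis(text):
    """Return the set of entries in a log; header and process lines are skipped."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each sorted."""
    b, a = parse_hijackthis(before), parse_hijackthis(after)
    return sorted(b - a), sorted(a - b)


def review_reasons(entry):
    """Heuristic reasons (assumptions of this example) to look at an entry by hand."""
    reasons = []
    if entry.detail.endswith("(no file)"):
        reasons.append("target file missing")
    m = RUN_RE.match(entry.detail) if entry.section == "O4" else None
    if m:
        cmd = m.group("cmd")
        dll = RUNDLL_RE.match(cmd)
        if dll:
            # A DLL started through rundll32 hides the real payload behind a system binary.
            reasons.append("rundll32 loads " + dll.group("dll"))
        else:
            exe = EXE_RE.match(cmd)
            if exe and "\\" not in exe.group("exe"):
                # Without a directory, the file actually run depends on the search path.
                reasons.append("no directory path: " + exe.group("exe"))
    return reasons


def triage(text):
    """Map each entry that has at least one review reason to its reasons."""
    flagged = {}
    for entry in sorted(parse_hijackthis(text)):
        reasons = review_reasons(entry)
        if reasons:
            flagged[entry] = reasons
    return flagged


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    # The O17 NameServer value differs between scans, so it shows up on both sides.
    for e in removed:
        print("- %s - %s" % e)
    for e in added:
        print("+ %s - %s" % e)
    for e, why in triage(AFTER).items():
        print("review: %s - %s (%s)" % (e.section, e.detail, "; ".join(why)))
```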
  13. green day Posts 26374 Registration date   Status Moderator, Security contributor Last activity   2 166
     
    OK, please do what is described here:

    http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

    ++
    0
  14. jojo_67 Posts 35 Status Member
     
    It's done, I've read it
    and I had to download 2 programs, so it's sorted, right?
    0
  15. green day Posts 26374 Registration date   Status Moderator, Security contributor Last activity   2 166
     
    ???
    0
  16. jojo_67 Posts 35 Status Member
     
    What am I supposed to do on this site??
    0
  17. green day Posts 26374 Registration date   Status Moderator, Security contributor Last activity   2 166
     
    CCleaner, then AVG and the online scan, please

    ++
    0
  18. jojo_67
     
    Here is the AVG report. I'm running the online scan now; I'll send you the other report when the scan is finished.

    -------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 18:50:11 08/12/2007

    + Résultat de l'analyse:

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132406.dll -> Not-A-Virus.PornDownloader.Win32.HotTV.a : Nettoyé.
    C:\qoobox\Quarantine\C\WINDOWS\system32\HotTVPlayer.dll.vir -> Not-A-Virus.PornDownloader.Win32.HotTV.a : Nettoyé.

    Fin du rapport
    0
  19. jojo_67 Posts 35 Status Member
     
    Here is the scan report

    BitDefender Online Scanner

    Scan report generated at: Sat, Dec 08, 2007 - 19:59:25

    Scan path: A:\;C:\;D:\;E:\;

    Statistics

    Time: 01:02:16
    Files: 198244
    Folders: 4980
    Boot Sectors: 2
    Archives: 2650
    Packed Files: 9116

    Results

    Identified Viruses: 13
    Infected Files: 48
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 47

    Engines Info

    Virus Definitions: 880847
    Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
    Scan plugins: 14
    Archive plugins: 38
    Unpack plugins: 7
    E-mail plugins: 6
    System plugins: 1

    Scan Settings

    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File
    Status

    C:\Documents and Settings\cueff\Mes documents\Mes fichiers reçus\image12.zip=>image12-www.photobucket.com
    Infected with: Trojan.Peed.Gen

    C:\Documents and Settings\cueff\Mes documents\Mes fichiers reçus\image12.zip=>image12-www.photobucket.com
    Disinfection failed

    C:\Documents and Settings\cueff\Mes documents\Mes fichiers reçus\image12.zip=>image12-www.photobucket.com
    Deleted

    C:\Documents and Settings\cueff\Mes documents\Mes fichiers reçus\image12.zip
    Updated

    C:\Program Files\Alwil Software\Avast4\DATA\moved\35.exe.vir
    Infected with: Generic.Sdbot.995DBF95

    C:\Program Files\Alwil Software\Avast4\DATA\moved\35.exe.vir
    Deleted

    C:\Program Files\Trend Micro\HijackThis\backups\backup-20071203-193256-751.dll
    Infected with: Trojan.Vundo.DRV

    C:\Program Files\Trend Micro\HijackThis\backups\backup-20071203-193256-751.dll
    Disinfection failed

    C:\Program Files\Trend Micro\HijackThis\backups\backup-20071203-193256-751.dll
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\byxurpm.dll.vir
    Infected with: Trojan.Vundo.DRU

    C:\qoobox\Quarantine\C\WINDOWS\system32\byxurpm.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\byxurpm.dll.vir
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\ddcawvs.dll.vir
    Infected with: Trojan.Vundo.DRU

    C:\qoobox\Quarantine\C\WINDOWS\system32\ddcawvs.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\ddcawvs.dll.vir
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\dsdfaors.dll.vir
    Infected with: Trojan.Vundo.DRL

    C:\qoobox\Quarantine\C\WINDOWS\system32\dsdfaors.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\dsdfaors.dll.vir
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\ipglncyf.dll.vir
    Infected with: Trojan.Vundo.DRR

    C:\qoobox\Quarantine\C\WINDOWS\system32\ipglncyf.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\ipglncyf.dll.vir
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\jkkkkii.dll.vir
    Infected with: Trojan.Vundo.DRU

    C:\qoobox\Quarantine\C\WINDOWS\system32\jkkkkii.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\jkkkkii.dll.vir
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\ljjgday.dll.vir
    Infected with: Trojan.Vundo.DRU

    C:\qoobox\Quarantine\C\WINDOWS\system32\ljjgday.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\ljjgday.dll.vir
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\ljjkjhg.dll.vir
    Infected with: Trojan.Vundo.DRU

    C:\qoobox\Quarantine\C\WINDOWS\system32\ljjkjhg.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\ljjkjhg.dll.vir
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\mlstdrrg.dll.vir
    Infected with: Trojan.Vundo.DRT

    C:\qoobox\Quarantine\C\WINDOWS\system32\mlstdrrg.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\mlstdrrg.dll.vir
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\qommlif.dll.vir
    Infected with: Trojan.Vundo.DRU

    C:\qoobox\Quarantine\C\WINDOWS\system32\qommlif.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\qommlif.dll.vir
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\wlgrioxp.dll.vir
    Infected with: Trojan.Vundo.DRS

    C:\qoobox\Quarantine\C\WINDOWS\system32\wlgrioxp.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\wlgrioxp.dll.vir
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\wvusrpo.dll.vir
    Infected with: Trojan.Vundo.DRU

    C:\qoobox\Quarantine\C\WINDOWS\system32\wvusrpo.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\wvusrpo.dll.vir
    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\ylxvxvpa.dll.vir
    Infected with: Trojan.Vundo.DRT

    C:\qoobox\Quarantine\C\WINDOWS\system32\ylxvxvpa.dll.vir
    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\ylxvxvpa.dll.vir
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP411\A0105958.exe
    Detected with: Adware.Navipromo.BYZ

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP411\A0105958.exe
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP411\A0105958.exe
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP423\A0109043.exe
    Detected with: Adware.Navipromo.BZC

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP423\A0109043.exe
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP423\A0109043.exe
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP427\A0112797.dll
    Infected with: Trojan.Vundo.DQO

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP427\A0112797.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP427\A0112797.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113267.dll
    Infected with: Trojan.Vundo.DQO

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113267.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113267.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113416.dll
    Infected with: Trojan.Vundo.DQO

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113416.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113416.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0115565.dll
    Infected with: Trojan.Vundo.DQO

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0115565.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0115565.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0118607.dll
    Infected with: Trojan.Vundo.DRV

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0118607.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0118607.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121004.dll
    Infected with: Trojan.Vundo.DQO

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121004.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121004.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121011.dll
    Infected with: Trojan.Vundo.DQO

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121011.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121011.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128180.dll
    Infected with: Trojan.Vundo.DRT

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128180.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128180.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128193.dll
    Infected with: Trojan.Vundo.DQO

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128193.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128193.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128194.exe
    Infected with: Trojan.Fotomoto.F

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128194.exe
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128194.exe
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128195.exe
    Infected with: Trojan.Fotomoto.F

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128195.exe
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128195.exe
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128196.exe
    Infected with: Trojan.Fotomoto.F

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128196.exe
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128196.exe
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128197.exe
    Infected with: Trojan.Fotomoto.F

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128197.exe
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128197.exe
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128198.exe
    Infected with: Trojan.Fotomoto.F

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128198.exe
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128198.exe
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128199.exe
    Infected with: Trojan.Fotomoto.F

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128199.exe
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128199.exe
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128200.exe
    Infected with: Trojan.Fotomoto.F

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128200.exe
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128200.exe
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128218.exe
    Infected with: Trojan.Agent.AGBD

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128218.exe
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128218.exe
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132367.dll
    Infected with: Trojan.Vundo.DRU

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132367.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132367.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132369.dll
    Infected with: Trojan.Vundo.DRU

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132369.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132369.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132370.dll
    Infected with: Trojan.Vundo.DRL

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132370.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132370.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132376.dll
    Infected with: Trojan.Vundo.DRR

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132376.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132376.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132377.dll
    Infected with: Trojan.Vundo.DRU

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132377.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132377.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132379.dll
    Infected with: Trojan.Vundo.DRU

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132379.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132379.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132381.dll
    Infected with: Trojan.Vundo.DRU

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132381.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132381.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132384.dll
    Infected with: Trojan.Vundo.DRT

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132384.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132384.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132387.dll
    Infected with: Trojan.Vundo.DRU

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132387.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132387.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132391.dll
    Infected with: Trojan.Vundo.DRS

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132391.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132391.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132393.dll
    Infected with: Trojan.Vundo.DRU

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132393.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132393.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132397.dll
    Infected with: Trojan.Vundo.DRT

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132397.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132397.dll
    Deleted

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP437\A0132857.dll
    Infected with: Trojan.Vundo.DRV

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP437\A0132857.dll
    Disinfection failed

    C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP437\A0132857.dll
    Deleted

    C:\WINDOWS\system32\wpssvc.exe
    Infected with: Trojan.Peed.Gen

    C:\WINDOWS\system32\wpssvc.exe
    Disinfection failed

    C:\WINDOWS\system32\wpssvc.exe
    Delete failed
    0
  20. green day Posts 26374 Registration date   Status Moderator, Security contributor Last activity   2 166
     
    Nice cleanup!

    Run a new scan with Combo and post it, please

    ++
    0
  21. jojo_67 Posts 35 Status Member
     
    ComboFix 07-12-08.1 - cueff 2007-12-08 20:16:51.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.189 [GMT 1:00]
    Running from: C:\Documents and Settings\cueff\Mes documents\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ddaxw.dll
    C:\WINDOWS\system32\iifgday.dll
    C:\WINDOWS\system32\wvusron.dll
    C:\WINDOWS\system32\wxadd.ini
    C:\WINDOWS\system32\wxadd.ini2
    C:\WINDOWS\system32\xxywwvw.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-08 18:55 . 2007-12-08 18:55 <REP> d-------- C:\WINDOWS\LastGood.Tmp
    2007-12-08 18:55 . 2007-12-08 19:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-12-08 17:24 . 2007-12-08 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-12-08 17:21 . 2007-12-08 17:21 <REP> d-------- C:\Program Files\Yahoo!
    2007-12-08 17:21 . 2007-12-08 17:21 <REP> d-------- C:\Program Files\CCleaner
    2007-12-08 17:18 . 2007-12-08 17:18 <REP> d-------- C:\Documents and Settings\cueff\Application Data\Grisoft
    2007-12-08 17:18 . 2007-12-08 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-08 17:18 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-08 14:11 . 2006-06-22 17:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2007-12-08 14:11 . 2006-06-22 17:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-12-08 14:11 . 2006-06-22 15:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2007-12-08 14:11 . 2006-06-22 17:47 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-12-08 10:47 . 2007-12-08 10:47 107 --a------ C:\WINDOWS\wininit.ini
    2007-12-08 10:09 . 2007-12-08 15:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-06 19:49 . 2007-12-08 09:29 831,777 ---hs---- C:\WINDOWS\system32\upagwauu.ini
    2007-12-04 15:57 . 2007-12-04 15:58 2,298 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-04 15:56 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-12-04 15:56 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-12-04 15:56 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-12-04 15:56 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-12-04 15:56 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-03 20:30 . 2007-12-04 13:09 354 ---hs---- C:\WINDOWS\system32\dsmxjxwr.ini
    2007-12-02 20:24 . 2007-12-03 19:09 794,291 ---hs---- C:\WINDOWS\system32\upquncxh.ini
    2007-12-01 20:21 . 2007-12-02 20:21 793,844 ---hs---- C:\WINDOWS\system32\csaqxmdr.ini
    2007-11-30 20:18 . 2007-12-01 18:03 794,684 ---hs---- C:\WINDOWS\system32\kcpjcqka.ini
    2007-11-29 20:16 . 2007-11-30 20:17 835,017 ---hs---- C:\WINDOWS\system32\rhyyrbrb.ini
    2007-11-29 18:38 . 2007-11-29 18:38 <REP> d-------- C:\Program Files\Realtek Sound Manager
    2007-11-29 18:37 . 2007-11-29 18:37 <REP> d-------- C:\Program Files\Realtek AC97
    2007-11-29 18:37 . 2007-11-29 18:37 <REP> d-------- C:\Program Files\AvRack
    2007-11-28 20:16 . 2007-11-29 18:41 790,054 ---hs---- C:\WINDOWS\system32\ywbjbcuy.ini
    2007-11-27 18:29 . 2007-12-08 16:05 <REP> d-------- C:\VundoFix Backups
    2007-11-27 17:05 . 2007-11-28 17:05 784,546 ---hs---- C:\WINDOWS\system32\yxcunwux.ini
    2007-11-25 22:07 . 2007-11-25 16:24 10,752 ---hs---- C:\WINDOWS\system32\wpssvc.exe
    2007-11-21 15:06 . 2007-11-21 15:06 <REP> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
    2007-11-21 15:06 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-11-21 15:05 . 2006-03-21 15:49 2,729,472 --a------ C:\WINDOWS\system32\fun_avcodec.dll
    2007-11-21 15:05 . 2006-04-18 16:32 684,032 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll
    2007-11-21 15:05 . 2006-04-11 16:49 671,744 --a------ C:\WINDOWS\system32\FunDecFilter.ax
    2007-11-21 15:05 . 2006-04-11 13:13 532,480 --a------ C:\WINDOWS\system32\FunEncFilter.ax
    2007-11-21 15:05 . 2006-04-06 11:28 77,824 --a------ C:\WINDOWS\system32\fun_mp4_dec.dll
    2007-11-21 15:01 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Sample.ico
    2007-11-21 14:57 . 2007-11-21 14:57 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2007-11-21 14:57 . 2007-11-21 14:57 <REP> d-------- C:\Program Files\Samsung
    2007-11-21 14:57 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2007-11-21 14:57 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2007-11-21 14:57 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
    2007-11-21 14:57 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2007-11-21 14:57 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2007-11-21 14:57 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2007-11-21 14:57 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2007-11-21 14:57 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2007-11-10 10:43 . 2007-09-06 12:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-11-10 10:42 . 2007-09-06 12:09 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-11-10 10:42 . 2007-09-06 12:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-11-10 10:42 . 2007-09-06 12:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-11-10 10:42 . 2007-09-06 12:05 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-11-10 10:42 . 2007-09-06 12:02 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-11-10 10:42 . 2007-09-06 12:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-08 19:25 --------- d-----w C:\Program Files\Steam
    2007-12-08 12:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-08 11:11 --------- d-----w C:\Program Files\eMule
    2007-12-08 09:47 --------- d-----w C:\Program Files\CasinoOnNet
    2007-12-01 08:32 --------- d-----w C:\Program Files\Google
    2007-11-29 16:33 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-03 11:16 --------- d-----w C:\Program Files\DivX
    2007-10-27 07:35 --------- d-----w C:\Program Files\Java
    2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2007-10-20 10:01 --------- d-----w C:\Program Files\Trend Micro
    2007-10-17 17:47 --------- d-----w C:\Program Files\Windows Media Connect 2
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-08_15.14.11.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-08 17:56:01 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
    + 2007-12-08 17:56:01 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
    + 2007-12-08 17:56:01 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
    + 2007-12-08 17:56:04 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
    + 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
    + 2007-10-25 09:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
    + 2007-12-08 17:56:04 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
    + 2007-12-08 17:56:01 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
    + 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
    + 2007-10-25 09:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    + 2007-12-08 19:25:09 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5ac.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-25 13:21]
    "Steam"="c:\program files\steam\steam.exe" [2007-11-30 18:20]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 C:\WINDOWS\SOUNDMAN.EXE]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "Windows Logical Driver"="wpssvc.exe" [2007-11-25 16:24 C:\WINDOWS\system32\wpssvc.exe]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]
    "{B285004D-6D02-4212-91FC-B8F47B68C254}"= C:\WINDOWS\system32\xxywwvw.dll [ ]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-10-20 10:23:27 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1152785938.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\DOCUME~1\cueff\LOCALS~1\Temp\epguqesb.dll
    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-08 20:26:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-08 20:27:58 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-08 15:33
    C:\ComboFix3.txt ... 2007-12-08 15:15
    .
    --- E O F ---
    0