Problem with Win32:Sramler-J [Trj]

Solved
jojo_67 (Member, 35 posts)
Hello everyone,
I have a problem with Win32:Sramler-J [Trj]: it appears every time I connect to the internet or every time I open a Google page. Could someone help me, please?

41 replies

green day (Moderator, Security contributor, 26374 posts)

Hi

Download this:

Link: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm

Choose the "do a scan and a logfile" option, then copy and paste the report it generates to the forum.

++

jojo_67 (Member, 35 posts)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:53, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wpssvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Logical Driver] wpssvc.exe
O4 - HKLM\..\Run: [b4c641dc] rundll32.exe "C:\WINDOWS\system32\ylxvxvpa.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5CB2E7-738F-4753-A455-BCA34FDE39FD}: NameServer = 86.64.145.148 84.103.237.148
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

green day (Moderator, Security contributor, 26374 posts)

OK, right-click hijackthis.exe > Rename and name it CCM.exe

then post a new report, please

++

jojo_67 (Member, 35 posts)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:29, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wpssvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Logical Driver] wpssvc.exe
O4 - HKLM\..\Run: [b4c641dc] rundll32.exe "C:\WINDOWS\system32\ylxvxvpa.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5CB2E7-738F-4753-A455-BCA34FDE39FD}: NameServer = 86.64.145.146 84.103.237.146
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

green day (Moderator, Security contributor, 26374 posts)

It won't rename?! :/

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Boot into Safe Mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in C:\Combofix.txt; please post it


++

jojo_67 (Member, 35 posts)

Is this the one???


ComboFix 07-12-08.1 - cueff 2007-12-08 15:31:03.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.195 [GMT 1:00]
Running from: C:\Documents and Settings\cueff\Mes documents\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
.

2007-12-08 14:11 . 2006-06-22 17:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-08 14:11 . 2006-06-22 17:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-08 14:11 . 2006-06-22 15:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-08 14:11 . 2006-06-22 17:47 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-08 10:47 . 2007-12-08 10:47 107 --a------ C:\WINDOWS\wininit.ini
2007-12-08 10:09 . 2007-12-08 15:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 19:49 . 2007-12-08 09:29 831,777 ---hs---- C:\WINDOWS\system32\upagwauu.ini
2007-12-04 15:57 . 2007-12-04 15:58 2,298 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-04 15:56 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-04 15:56 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-04 15:56 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-04 15:56 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-04 15:56 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-03 20:30 . 2007-12-04 13:09 354 ---hs---- C:\WINDOWS\system32\dsmxjxwr.ini
2007-12-02 20:24 . 2007-12-03 19:09 794,291 ---hs---- C:\WINDOWS\system32\upquncxh.ini
2007-12-01 20:21 . 2007-12-02 20:21 793,844 ---hs---- C:\WINDOWS\system32\csaqxmdr.ini
2007-11-30 20:18 . 2007-12-01 18:03 794,684 ---hs---- C:\WINDOWS\system32\kcpjcqka.ini
2007-11-29 20:16 . 2007-11-30 20:17 835,017 ---hs---- C:\WINDOWS\system32\rhyyrbrb.ini
2007-11-29 18:38 . 2007-11-29 18:38 <REP> d-------- C:\Program Files\Realtek Sound Manager
2007-11-29 18:37 . 2007-11-29 18:37 <REP> d-------- C:\Program Files\Realtek AC97
2007-11-29 18:37 . 2007-11-29 18:37 <REP> d-------- C:\Program Files\AvRack
2007-11-28 20:16 . 2007-11-29 18:41 790,054 ---hs---- C:\WINDOWS\system32\ywbjbcuy.ini
2007-11-27 18:29 . 2007-11-29 17:44 <REP> d-------- C:\VundoFix Backups
2007-11-27 17:05 . 2007-11-28 17:05 784,546 ---hs---- C:\WINDOWS\system32\yxcunwux.ini
2007-11-25 22:07 . 2007-11-25 16:24 10,752 -r-hs---- C:\WINDOWS\system32\wpssvc.exe
2007-11-21 15:06 . 2007-11-21 15:06 <REP> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-11-21 15:06 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-21 15:05 . 2006-03-21 15:49 2,729,472 --a------ C:\WINDOWS\system32\fun_avcodec.dll
2007-11-21 15:05 . 2006-04-18 16:32 684,032 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll
2007-11-21 15:05 . 2006-04-11 16:49 671,744 --a------ C:\WINDOWS\system32\FunDecFilter.ax
2007-11-21 15:05 . 2006-04-11 13:13 532,480 --a------ C:\WINDOWS\system32\FunEncFilter.ax
2007-11-21 15:05 . 2006-04-06 11:28 77,824 --a------ C:\WINDOWS\system32\fun_mp4_dec.dll
2007-11-21 15:01 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Sample.ico
2007-11-21 14:57 . 2007-11-21 14:57 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-11-21 14:57 . 2007-11-21 14:57 <REP> d-------- C:\Program Files\Samsung
2007-11-21 14:57 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-11-21 14:57 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-11-21 14:57 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
2007-11-21 14:57 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-11-21 14:57 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-11-21 14:57 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-11-21 14:57 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-11-21 14:57 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-11-10 10:43 . 2007-09-06 12:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-10 10:42 . 2007-09-06 12:09 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-10 10:42 . 2007-09-06 12:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-10 10:42 . 2007-09-06 12:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-10 10:42 . 2007-09-06 12:05 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-10 10:42 . 2007-09-06 12:02 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-10 10:42 . 2007-09-06 12:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 14:27 --------- d-----w C:\Program Files\Steam
2007-12-08 12:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 11:11 --------- d-----w C:\Program Files\eMule
2007-12-08 09:47 --------- d-----w C:\Program Files\CasinoOnNet
2007-12-01 08:32 --------- d-----w C:\Program Files\Google
2007-11-29 16:33 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-03 11:16 --------- d-----w C:\Program Files\DivX
2007-10-27 07:35 --------- d-----w C:\Program Files\Java
2007-10-20 10:01 --------- d-----w C:\Program Files\Trend Micro
2007-10-17 17:47 --------- d-----w C:\Program Files\Windows Media Connect 2
.

((((((((((((((((((((((((((((( snapshot@2007-12-08_15.14.11.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-08 14:26:24 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_598.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-25 13:21]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 18:20]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Windows Logical Driver"="wpssvc.exe" [2007-11-25 16:24 C:\WINDOWS\system32\wpssvc.exe]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

R2 SetupNT;SetupNT;C:\WINDOWS\system32\SetupNT.sys
S3 AIDA32Driver;AIDA32Driver;\??\C:\Program Files\AIDA32 - Personal System Information\aida32.sys
S3 gel90xne;gel90xne;\??\C:\DOCUME~1\cueff\LOCALS~1\Temp\gel90xne.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-10-20 10:23:27 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1152785938.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\DOCUME~1\cueff\LOCALS~1\Temp\epguqesb.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 15:32:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 15:33:36
C:\ComboFix2.txt ... 2007-12-08 15:15
.
--- E O F ---

green day (Moderator, Security contributor, 26374 posts)

Yes, that's the one, quite a few bugs ...

Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After you click "YES", the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC must shut down ("shutdown"). Click OK, then let it restart.
* The report is located in C:\vundofix.txt; please post it

++

jojo_67 (Member, 35 posts)

When VundoFix has finished its scan it shows me
"done searching for files". I click "ok"; I have no choice, there is only "ok". After clicking, it shows "done searching for files. No infected file were found", and then VundoFix closes and nothing happens.
I don't know whether that's a good sign or not??

jojo_67 (Member, 35 posts)

Here is the VundoFix report, at least I think so =)


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 18:29:05 27/11/2007

Listing files found while scanning....

C:\windows\system32\elqagupc.dll
C:\WINDOWS\system32\itvezqxc.dll
C:\windows\system32\itvezqxc.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\elqagupc.dll
C:\windows\system32\elqagupc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\itvezqxc.dll
C:\WINDOWS\system32\itvezqxc.dll Has been deleted!

Attempting to delete C:\windows\system32\itvezqxc.dllbox
C:\windows\system32\itvezqxc.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 17:38:24 29/11/2007

Listing files found while scanning....

C:\windows\system32\wfumrhlu.dll
C:\WINDOWS\system32\zozycipa.dll
C:\windows\system32\zozycipa.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\wfumrhlu.dll
C:\windows\system32\wfumrhlu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\zozycipa.dll
C:\WINDOWS\system32\zozycipa.dll Has been deleted!

Attempting to delete C:\windows\system32\zozycipa.dllbox
C:\windows\system32\zozycipa.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 16:05:23 08/12/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 16:25:48 08/12/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

green day (Moderator, Security contributor, 26374 posts)

Very good

Post a new HijackThis report, please

++

jojo_67 (Member, 35 posts)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:34, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wpssvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Logical Driver] wpssvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5CB2E7-738F-4753-A455-BCA34FDE39FD}: NameServer = 84.103.237.143 86.64.145.143
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

green day (Moderator, Security contributor, 26374 posts)

OK, please do what is described here:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++

jojo_67 (Member, 35 posts)

It's done, I've read it
and I had to download 2 programs, so it's fixed, right?

green day (Moderator, Security contributor, 26374 posts)
 
???

jojo_67 (Member, 35 posts)

What am I supposed to do on that site??

green day (Moderator, Security contributor, 26374 posts)

CCleaner, then AVG, and the online scan, please

++

jojo_67

Here is the AVG report. I'm running the online scan now; I'll send you the other report when the scan is finished

-------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:50:11 08/12/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132406.dll -> Not-A-Virus.PornDownloader.Win32.HotTV.a : Nettoyé.
C:\qoobox\Quarantine\C\WINDOWS\system32\HotTVPlayer.dll.vir -> Not-A-Virus.PornDownloader.Win32.HotTV.a : Nettoyé.


Fin du rapport

jojo_67 (Member, 35 posts)

Here is the scan report

BitDefender Online Scanner

Scan report generated at: Sat, Dec 08, 2007 - 19:59:25

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:02:16
Files: 198244
Folders: 4980
Boot Sectors: 2
Archives: 2650
Packed Files: 9116

Results
Identified Viruses: 13
Infected Files: 48
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 47

Engines Info
Virus Definitions: 880847
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\cueff\Mes documents\Mes fichiers reçus\image12.zip=>image12-www.photobucket.com
Infected with: Trojan.Peed.Gen

C:\Documents and Settings\cueff\Mes documents\Mes fichiers reçus\image12.zip=>image12-www.photobucket.com
Disinfection failed

C:\Documents and Settings\cueff\Mes documents\Mes fichiers reçus\image12.zip=>image12-www.photobucket.com
Deleted

C:\Documents and Settings\cueff\Mes documents\Mes fichiers reçus\image12.zip
Updated

C:\Program Files\Alwil Software\Avast4\DATA\moved\35.exe.vir
Infected with: Generic.Sdbot.995DBF95

C:\Program Files\Alwil Software\Avast4\DATA\moved\35.exe.vir
Deleted

C:\Program Files\Trend Micro\HijackThis\backups\backup-20071203-193256-751.dll
Infected with: Trojan.Vundo.DRV

C:\Program Files\Trend Micro\HijackThis\backups\backup-20071203-193256-751.dll
Disinfection failed

C:\Program Files\Trend Micro\HijackThis\backups\backup-20071203-193256-751.dll
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\byxurpm.dll.vir
Infected with: Trojan.Vundo.DRU

C:\qoobox\Quarantine\C\WINDOWS\system32\byxurpm.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\byxurpm.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ddcawvs.dll.vir
Infected with: Trojan.Vundo.DRU

C:\qoobox\Quarantine\C\WINDOWS\system32\ddcawvs.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\ddcawvs.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\dsdfaors.dll.vir
Infected with: Trojan.Vundo.DRL

C:\qoobox\Quarantine\C\WINDOWS\system32\dsdfaors.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\dsdfaors.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ipglncyf.dll.vir
Infected with: Trojan.Vundo.DRR

C:\qoobox\Quarantine\C\WINDOWS\system32\ipglncyf.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\ipglncyf.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\jkkkkii.dll.vir
Infected with: Trojan.Vundo.DRU

C:\qoobox\Quarantine\C\WINDOWS\system32\jkkkkii.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\jkkkkii.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ljjgday.dll.vir
Infected with: Trojan.Vundo.DRU

C:\qoobox\Quarantine\C\WINDOWS\system32\ljjgday.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\ljjgday.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ljjkjhg.dll.vir
Infected with: Trojan.Vundo.DRU

C:\qoobox\Quarantine\C\WINDOWS\system32\ljjkjhg.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\ljjkjhg.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\mlstdrrg.dll.vir
Infected with: Trojan.Vundo.DRT

C:\qoobox\Quarantine\C\WINDOWS\system32\mlstdrrg.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\mlstdrrg.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\qommlif.dll.vir
Infected with: Trojan.Vundo.DRU

C:\qoobox\Quarantine\C\WINDOWS\system32\qommlif.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\qommlif.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\wlgrioxp.dll.vir
Infected with: Trojan.Vundo.DRS

C:\qoobox\Quarantine\C\WINDOWS\system32\wlgrioxp.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\wlgrioxp.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\wvusrpo.dll.vir
Infected with: Trojan.Vundo.DRU

C:\qoobox\Quarantine\C\WINDOWS\system32\wvusrpo.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\wvusrpo.dll.vir
Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ylxvxvpa.dll.vir
Infected with: Trojan.Vundo.DRT

C:\qoobox\Quarantine\C\WINDOWS\system32\ylxvxvpa.dll.vir
Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\ylxvxvpa.dll.vir
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP411\A0105958.exe
Detected with: Adware.Navipromo.BYZ

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP411\A0105958.exe
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP411\A0105958.exe
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP423\A0109043.exe
Detected with: Adware.Navipromo.BZC

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP423\A0109043.exe
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP423\A0109043.exe
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP427\A0112797.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP427\A0112797.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP427\A0112797.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113267.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113267.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113267.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113416.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113416.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP430\A0113416.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0115565.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0115565.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0115565.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0118607.dll
Infected with: Trojan.Vundo.DRV

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0118607.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP431\A0118607.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121004.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121004.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121004.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121011.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121011.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP433\A0121011.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128180.dll
Infected with: Trojan.Vundo.DRT

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128180.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128180.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128193.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128193.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128193.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128194.exe
Infected with: Trojan.Fotomoto.F

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128194.exe
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128194.exe
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128195.exe
Infected with: Trojan.Fotomoto.F

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128195.exe
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128195.exe
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128196.exe
Infected with: Trojan.Fotomoto.F

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128196.exe
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128196.exe
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128197.exe
Infected with: Trojan.Fotomoto.F

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128197.exe
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128197.exe
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128198.exe
Infected with: Trojan.Fotomoto.F

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128198.exe
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128198.exe
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128199.exe
Infected with: Trojan.Fotomoto.F

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128199.exe
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128199.exe
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128200.exe
Infected with: Trojan.Fotomoto.F

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128200.exe
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128200.exe
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128218.exe
Infected with: Trojan.Agent.AGBD

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128218.exe
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP434\A0128218.exe
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132367.dll
Infected with: Trojan.Vundo.DRU

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132367.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132367.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132369.dll
Infected with: Trojan.Vundo.DRU

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132369.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132369.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132370.dll
Infected with: Trojan.Vundo.DRL

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132370.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132370.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132376.dll
Infected with: Trojan.Vundo.DRR

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132376.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132376.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132377.dll
Infected with: Trojan.Vundo.DRU

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132377.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132377.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132379.dll
Infected with: Trojan.Vundo.DRU

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132379.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132379.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132381.dll
Infected with: Trojan.Vundo.DRU

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132381.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132381.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132384.dll
Infected with: Trojan.Vundo.DRT

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132384.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132384.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132387.dll
Infected with: Trojan.Vundo.DRU

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132387.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132387.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132391.dll
Infected with: Trojan.Vundo.DRS

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132391.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132391.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132393.dll
Infected with: Trojan.Vundo.DRU

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132393.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132393.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132397.dll
Infected with: Trojan.Vundo.DRT

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132397.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP436\A0132397.dll
Deleted

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP437\A0132857.dll
Infected with: Trojan.Vundo.DRV

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP437\A0132857.dll
Disinfection failed

C:\System Volume Information\_restore{7C6876EC-054A-46C8-AA01-2A332A64AFC7}\RP437\A0132857.dll
Deleted

C:\WINDOWS\system32\wpssvc.exe
Infected with: Trojan.Peed.Gen

C:\WINDOWS\system32\wpssvc.exe
Disinfection failed

C:\WINDOWS\system32\wpssvc.exe
Delete failed
0
green day Posts 26374 Registration date   Status Moderator, Security contributor Last activity   2 163
 
Nice cleanup!

Run a new scan with combo and post it, please

++
0
jojo_67 Posts 35 Registration date   Status Member Last activity  
 
ComboFix 07-12-08.1 - cueff 2007-12-08 20:16:51.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.189 [GMT 1:00]
Running from: C:\Documents and Settings\cueff\Mes documents\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddaxw.dll
C:\WINDOWS\system32\iifgday.dll
C:\WINDOWS\system32\wvusron.dll
C:\WINDOWS\system32\wxadd.ini
C:\WINDOWS\system32\wxadd.ini2
C:\WINDOWS\system32\xxywwvw.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
.

2007-12-08 18:55 . 2007-12-08 18:55 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2007-12-08 18:55 . 2007-12-08 19:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-08 17:24 . 2007-12-08 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-08 17:21 . 2007-12-08 17:21 <REP> d-------- C:\Program Files\Yahoo!
2007-12-08 17:21 . 2007-12-08 17:21 <REP> d-------- C:\Program Files\CCleaner
2007-12-08 17:18 . 2007-12-08 17:18 <REP> d-------- C:\Documents and Settings\cueff\Application Data\Grisoft
2007-12-08 17:18 . 2007-12-08 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 17:18 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-08 14:11 . 2006-06-22 17:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-08 14:11 . 2006-06-22 17:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-08 14:11 . 2006-06-22 15:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-08 14:11 . 2006-06-22 17:47 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-08 14:11 . 2006-06-22 17:47 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-08 10:47 . 2007-12-08 10:47 107 --a------ C:\WINDOWS\wininit.ini
2007-12-08 10:09 . 2007-12-08 15:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 19:49 . 2007-12-08 09:29 831,777 ---hs---- C:\WINDOWS\system32\upagwauu.ini
2007-12-04 15:57 . 2007-12-04 15:58 2,298 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-04 15:56 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-04 15:56 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-04 15:56 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-04 15:56 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-04 15:56 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-03 20:30 . 2007-12-04 13:09 354 ---hs---- C:\WINDOWS\system32\dsmxjxwr.ini
2007-12-02 20:24 . 2007-12-03 19:09 794,291 ---hs---- C:\WINDOWS\system32\upquncxh.ini
2007-12-01 20:21 . 2007-12-02 20:21 793,844 ---hs---- C:\WINDOWS\system32\csaqxmdr.ini
2007-11-30 20:18 . 2007-12-01 18:03 794,684 ---hs---- C:\WINDOWS\system32\kcpjcqka.ini
2007-11-29 20:16 . 2007-11-30 20:17 835,017 ---hs---- C:\WINDOWS\system32\rhyyrbrb.ini
2007-11-29 18:38 . 2007-11-29 18:38 <REP> d-------- C:\Program Files\Realtek Sound Manager
2007-11-29 18:37 . 2007-11-29 18:37 <REP> d-------- C:\Program Files\Realtek AC97
2007-11-29 18:37 . 2007-11-29 18:37 <REP> d-------- C:\Program Files\AvRack
2007-11-28 20:16 . 2007-11-29 18:41 790,054 ---hs---- C:\WINDOWS\system32\ywbjbcuy.ini
2007-11-27 18:29 . 2007-12-08 16:05 <REP> d-------- C:\VundoFix Backups
2007-11-27 17:05 . 2007-11-28 17:05 784,546 ---hs---- C:\WINDOWS\system32\yxcunwux.ini
2007-11-25 22:07 . 2007-11-25 16:24 10,752 ---hs---- C:\WINDOWS\system32\wpssvc.exe
2007-11-21 15:06 . 2007-11-21 15:06 <REP> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-11-21 15:06 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-21 15:05 . 2006-03-21 15:49 2,729,472 --a------ C:\WINDOWS\system32\fun_avcodec.dll
2007-11-21 15:05 . 2006-04-18 16:32 684,032 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll
2007-11-21 15:05 . 2006-04-11 16:49 671,744 --a------ C:\WINDOWS\system32\FunDecFilter.ax
2007-11-21 15:05 . 2006-04-11 13:13 532,480 --a------ C:\WINDOWS\system32\FunEncFilter.ax
2007-11-21 15:05 . 2006-04-06 11:28 77,824 --a------ C:\WINDOWS\system32\fun_mp4_dec.dll
2007-11-21 15:01 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Sample.ico
2007-11-21 14:57 . 2007-11-21 14:57 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-11-21 14:57 . 2007-11-21 14:57 <REP> d-------- C:\Program Files\Samsung
2007-11-21 14:57 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-11-21 14:57 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-11-21 14:57 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
2007-11-21 14:57 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-11-21 14:57 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-11-21 14:57 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-11-21 14:57 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-11-21 14:57 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-11-10 10:43 . 2007-09-06 12:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-10 10:42 . 2007-09-06 12:09 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-10 10:42 . 2007-09-06 12:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-10 10:42 . 2007-09-06 12:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-10 10:42 . 2007-09-06 12:05 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-10 10:42 . 2007-09-06 12:02 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-10 10:42 . 2007-09-06 12:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 19:25 --------- d-----w C:\Program Files\Steam
2007-12-08 12:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 11:11 --------- d-----w C:\Program Files\eMule
2007-12-08 09:47 --------- d-----w C:\Program Files\CasinoOnNet
2007-12-01 08:32 --------- d-----w C:\Program Files\Google
2007-11-29 16:33 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-03 11:16 --------- d-----w C:\Program Files\DivX
2007-10-27 07:35 --------- d-----w C:\Program Files\Java
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-20 10:01 --------- d-----w C:\Program Files\Trend Micro
2007-10-17 17:47 --------- d-----w C:\Program Files\Windows Media Connect 2
.

((((((((((((((((((((((((((((( snapshot@2007-12-08_15.14.11.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-08 17:56:01 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2007-12-08 17:56:01 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2007-12-08 17:56:01 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2007-12-08 17:56:04 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-10-25 09:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2007-12-08 17:56:04 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2007-12-08 17:56:01 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2007-10-25 09:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2007-12-08 19:25:09 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5ac.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-25 13:21]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 18:20]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Windows Logical Driver"="wpssvc.exe" [2007-11-25 16:24 C:\WINDOWS\system32\wpssvc.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]
"{B285004D-6D02-4212-91FC-B8F47B68C254}"= C:\WINDOWS\system32\xxywwvw.dll [ ]


.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-10-20 10:23:27 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1152785938.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\cueff\LOCALS~1\Temp\epguqesb.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 20:26:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-08 20:27:58 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-08 15:33
C:\ComboFix3.txt ... 2007-12-08 15:15
.
--- E O F ---
0