Problem with TR/VUNDO.gen

Solved
tomeke Posts: 9 Status: Member
Hello,

1) I have a problem with the vundo.gen trojan. I was using Avast and switched to Antivir, which found this virus. But it kept opening the same window (every 2 seconds) telling me that the file mlldj.dll (I think that is the exact name) was infected. No matter how I tried to treat it, this window kept opening and stopped me from working. I used the VundoFix tool, which could not solve the problem.

2) So I reinstalled Avast and ran the preliminary disinfection method recommended on this site. Apparently BitDefender was not able to treat some other viruses.

==> Could someone help me get rid of Vundo and the other viruses?

Here are the 3 reports:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 11:19:37 12/12/2007

+ Résultat de l'analyse:

:mozilla.54:C:\Documents and Settings\NONE\Application Data\Mozilla\Firefox\Profiles\1rkbbib0.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.7:C:\Documents and Settings\NONE\Application Data\Mozilla\Firefox\Profiles\1rkbbib0.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\NONE\Cookies\none@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\NONE\Cookies\none@linksynergy[2].txt -> TrackingCookie.Linksynergy : Nettoyé.
C:\Documents and Settings\NONE\Cookies\none@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\NONE\Cookies\none@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\NONE\Cookies\none@ssl-hints.netflame[3].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\NONE\Cookies\none@ssl-hints.netflame[4].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\NONE\Cookies\none@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.20:C:\Documents and Settings\NONE\Application Data\Mozilla\Firefox\Profiles\1rkbbib0.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.21:C:\Documents and Settings\NONE\Application Data\Mozilla\Firefox\Profiles\1rkbbib0.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.50:C:\Documents and Settings\NONE\Application Data\Mozilla\Firefox\Profiles\1rkbbib0.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.22:C:\Documents and Settings\NONE\Application Data\Mozilla\Firefox\Profiles\1rkbbib0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.23:C:\Documents and Settings\NONE\Application Data\Mozilla\Firefox\Profiles\1rkbbib0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.24:C:\Documents and Settings\NONE\Application Data\Mozilla\Firefox\Profiles\1rkbbib0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.25:C:\Documents and Settings\NONE\Application Data\Mozilla\Firefox\Profiles\1rkbbib0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.26:C:\Documents and Settings\NONE\Application Data\Mozilla\Firefox\Profiles\1rkbbib0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\NONE\Cookies\none@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\NONE\Cookies\none@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.

Fin du rapport

BITDEFENDER REPORT

BitDefender Online Scanner

Scan report generated at: Wed, Dec 12, 2007 - 10:14:30

Scan path: C:\;D:\;

Statistics
Time
00:33:33
Files
143116
Folders
3929
Boot Sectors
2
Archives
1131
Packed Files
5127

Results
Identified Viruses
6
Infected Files
11
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
9

Engines Info
Virus Definitions
881568
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
14
Archive plugins
38
Unpack plugins
7
E-mail plugins
6
System plugins
1

Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions

Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes

Scanned File
Status
C:\System Volume Information\_restore{30426B8D-D669-4FB0-B2CD-4A8B9A42CB18}\RP216\A0019190.dll
Infected with: Trojan.Vundo.DRI
C:\System Volume Information\_restore{30426B8D-D669-4FB0-B2CD-4A8B9A42CB18}\RP216\A0019190.dll
Deleted
C:\System Volume Information\_restore{30426B8D-D669-4FB0-B2CD-4A8B9A42CB18}\RP216\A0019191.dll
Infected with: Trojan.Vundo.DRI
C:\System Volume Information\_restore{30426B8D-D669-4FB0-B2CD-4A8B9A42CB18}\RP216\A0019191.dll
Deleted
C:\System Volume Information\_restore{30426B8D-D669-4FB0-B2CD-4A8B9A42CB18}\RP216\A0019196.dll
Infected with: Trojan.Vundo.DRI
C:\System Volume Information\_restore{30426B8D-D669-4FB0-B2CD-4A8B9A42CB18}\RP216\A0019196.dll
Deleted
C:\WINDOWS\system32\cfjsgbtr.dll
Infected with: Trojan.Vundo.DSJ
C:\WINDOWS\system32\cfjsgbtr.dll
Disinfection failed
C:\WINDOWS\system32\cfjsgbtr.dll
Deleted
C:\WINDOWS\system32\daSgo01\daSgo011065.exe
Infected with: Trojan.Downloader.VB.VKO
C:\WINDOWS\system32\daSgo01\daSgo011065.exe
Disinfection failed
C:\WINDOWS\system32\daSgo01\daSgo011065.exe
Deleted
C:\WINDOWS\system32\dnwcxjhg.exe
Infected with: Trojan.Agent.AGBD
C:\WINDOWS\system32\dnwcxjhg.exe
Disinfection failed
C:\WINDOWS\system32\dnwcxjhg.exe
Deleted
C:\WINDOWS\system32\kncfdkbf.dll
Infected with: Trojan.Vundo.DRT
C:\WINDOWS\system32\kncfdkbf.dll
Disinfection failed
C:\WINDOWS\system32\kncfdkbf.dll
Deleted
C:\WINDOWS\system32\l4\swdrv83122.exe
Infected with: Trojan.Generic.78149
C:\WINDOWS\system32\l4\swdrv83122.exe
Disinfection failed
C:\WINDOWS\system32\l4\swdrv83122.exe
Deleted
C:\WINDOWS\system32\olsmpylq.dll
Infected with: Trojan.Vundo.DSJ
C:\WINDOWS\system32\olsmpylq.dll
Disinfection failed
C:\WINDOWS\system32\olsmpylq.dll
Delete failed
C:\WINDOWS\system32\oyeegasw.exe
Infected with: Trojan.Agent.AGBD
C:\WINDOWS\system32\oyeegasw.exe
Disinfection failed
C:\WINDOWS\system32\oyeegasw.exe
Delete failed
C:\WINDOWS\system32\tllxenlb.dll
Infected with: Trojan.Vundo.DSJ
C:\WINDOWS\system32\tllxenlb.dll
Disinfection failed
C:\WINDOWS\system32\tllxenlb.dll
Deleted

HIJACKTHIS REPORT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:57, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\oyeegasw.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\coolpro2\coolpro2.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2c2876d6] rundll32.exe "C:\WINDOWS\system32\kncfdkbf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\oyeegasw.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

10 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

O4 - HKLM\..\Run: [2c2876d6] rundll32.exe "C:\WINDOWS\system32\kncfdkbf.dll",b

________________________

virtumondebegone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

________________________

download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\WINDOWS\system32\kncfdkbf.dll
C:\WINDOWS\system32\olsmpylq.dll
C:\WINDOWS\system32\oyeegasw.exe
C:\WINDOWS\system32\oyeegasw.exe

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal; if so, accept with Yes.

______________________

combofix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

_________________________

disable System Restore to purge any viruses that may be in it, then re-enable it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings)

__________________________

paste a new hijackthis report and describe your problems

see you
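As an added example (not code from this thread or from any of the tools named in it), here is a small Python triage of a HijackThis 2.0 log that flags the four patterns visible in the logs posted above: the hex-named O4 Run value loading a random-named DLL from system32 via rundll32, O2 BHO entries with no readable name or a missing file, O15 Trusted Zone entries, and an O23 service with an empty vendor field. The sample log lines are copied from this thread; the regexes, the `Finding` type, the reason strings and the random-name heuristic are my own assumptions.

```python
"""Triage a HijackThis 2.0 log for the persistence patterns seen in this thread.

It flags lines worth a closer look; it does not decide what to delete.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs posted in this thread,
# plus one benign entry of each kind so the filters have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {8fe29006-62cf-67eb-c534-a46f5d34dd4d} - {d4dd43d5-f64a-435c-be76-fc2660092ef8} - C:\WINDOWS\system32\olsmpylq.dll (file missing)
O2 - BHO: (no name) - {F544C93C-5555-4DD0-946D-4F1B6DF4FC74} - \
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2c2876d6] rundll32.exe "C:\WINDOWS\system32\kncfdkbf.dll",b
O15 - Trusted Zone: *.trustedantivirus.com
O23 - Service: DomainService - - C:\WINDOWS\system32\oyeegasw.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section id: O2, O4, O15, O23
    reason: str
    line: str


HJT_LINE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
HEX_NAME = re.compile(r"^[0-9a-f]{6,}$", re.I)
O4_RUNDLL = re.compile(r'\[(?P<key>[^\]]*)\]\s+rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
# name - vendor - path; with an empty vendor HijackThis prints "name - - path"
O23_SVC = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.*?)\s*-\s*(?P<path>[A-Za-z]:\\\S.*)$")
VOWELS = set("aeiou")


def random_looking(stem: str) -> bool:
    """Assumed heuristic for the throwaway names Vundo used (kncfdkbf, olsmpylq, mllmj):
    5+ lowercase letters with no vowel at all, or a run of 5+ consonants.
    It has false positives (rmctrl would trip it), so it is a signal, not a verdict."""
    if not re.fullmatch(r"[a-z]{5,}", stem):
        return False
    if not (set(stem) & VOWELS):
        return True
    return max(len(run) for run in re.findall(r"[^aeiou]+", stem)) >= 5


def triage(log_text: str) -> list[Finding]:
    """Return the log lines that match one of the patterns seen in this thread."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O2":
            # Vundo registers its DLL as a Browser Helper Object: the entry has no
            # readable name (or a GUID in the name field), and after a partial
            # cleanup it may point at a file that is already gone.
            name = body.split(" - ")[0].replace("BHO: ", "", 1)
            if name == "(no name)" or GUID.match(name) or body.endswith("(file missing)"):
                findings.append(Finding(sec, "BHO with no proper name or with its file missing", line))
        elif sec == "O4":
            m4 = O4_RUNDLL.search(body)
            if not m4:
                continue
            reasons = []
            if HEX_NAME.match(m4.group("key")):
                reasons.append("hex-string Run value name")
            dll = m4.group("dll")
            if "\\system32\\" in dll.lower():
                reasons.append("rundll32 loading a DLL straight out of system32")
            if random_looking(dll.rsplit("\\", 1)[-1][:-4].lower()):
                reasons.append("random-looking DLL name")
            if reasons:
                findings.append(Finding(sec, "; ".join(reasons), line))
        elif sec == "O15":
            # Nothing is in the Trusted Zone by default, so every entry deserves a look.
            findings.append(Finding(sec, "Trusted Zone entry (review each one)", line))
        elif sec == "O23":
            m23 = O23_SVC.match(body)
            if m23 and not m23.group("vendor").strip():
                findings.append(Finding(sec, "service with an empty vendor field", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```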
tomeke Posts: 9 Status: Member
 
Hi again,

I did what you told me. Apart from two small things, I think it fixed the problem.

1) Actually, I could not do the first step with hijackthis. The file was not in the list.

2) Everything else went as it should.
So I reinstalled Antivir and ran another scan: no more Vundo.
However, it found 2 things which I put in quarantine to be safe, and which were located at the following path:

C:\qoobox\quarantine\catchme2007-12-12_153430.28.zip
C:\qoobox\quarantine\C\windows\system32mllmj.dll.vir

Should I have left them in that qoobox folder? (the antivir scan report is further down)

I am copying the various reports below (virtumondebegone, Otmoveit, combofix, antivir and hijackthis)

virtumondebegone

[12/12/2007, 15:20:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\NONE\Bureau\VirtumundoBeGone.exe" )
[12/12/2007, 15:21:14] - Detected System Information:
[12/12/2007, 15:21:14] - Windows Version: 5.1.2600, Service Pack 2
[12/12/2007, 15:21:14] - Current Username: NONE (Admin)
[12/12/2007, 15:21:14] - Windows is in NORMAL mode.
[12/12/2007, 15:21:14] - Searching for Browser Helper Objects:
[12/12/2007, 15:21:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/12/2007, 15:21:14] - BHO 2: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[12/12/2007, 15:21:14] - BHO 3: {d4dd43d5-f64a-435c-be76-fc2660092ef8} ()
[12/12/2007, 15:21:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/12/2007, 15:21:14] - Checking for HKLM\...\Winlogon\Notify\olsmpylq
[12/12/2007, 15:21:14] - Key not found: HKLM\...\Winlogon\Notify\olsmpylq, continuing.
[12/12/2007, 15:21:14] - BHO 4: {F2A3D66E-29CE-41AC-A689-C02686EF0B46} ()
[12/12/2007, 15:21:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/12/2007, 15:21:14] - Checking for HKLM\...\Winlogon\Notify\mllmj
[12/12/2007, 15:21:14] - Key not found: HKLM\...\Winlogon\Notify\mllmj, continuing.
[12/12/2007, 15:21:14] - BHO 5: {F544C93C-5555-4DD0-946D-4F1B6DF4FC74} ()
[12/12/2007, 15:21:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/12/2007, 15:21:14] - Checking for HKLM\...\Winlogon\Notify\
[12/12/2007, 15:21:14] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[12/12/2007, 15:21:14] - Finished Searching Browser Helper Objects
[12/12/2007, 15:21:14] - Finishing up...
[12/12/2007, 15:21:14] - Nothing found! Exiting...

Otmoveit

File/Folder C:\WINDOWS\system32\kncfdkbf.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\olsmpylq.dll
C:\WINDOWS\system32\olsmpylq.dll NOT unregistered.
C:\WINDOWS\system32\olsmpylq.dll moved successfully.
File/Folder C:\WINDOWS\system32\oyeegasw.exe not found.
File/Folder C:\WINDOWS\system32\oyeegasw.exe not found.

Created on 12/12/2007 15:24:53

combofix

ComboFix 07-12-12.3 - NONE 2007-12-12 15:29:10.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.633 [GMT 1:00]
Running from: C:\Documents and Settings\NONE\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\bkR11
C:\Temp\bkR11\ftCa.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\f3
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\l4
C:\WINDOWS\system32\mllmj.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers créés 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))))))))
.

2007-12-12 10:48 . 2007-12-12 15:15 <REP> d-------- C:\HijackThis
2007-12-12 09:32 . 2007-12-12 10:22 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-11 19:37 . 2007-12-11 19:37 <REP> d-------- C:\Program Files\CCleaner
2007-12-11 19:31 . 2007-12-12 10:06 913,040 ---hs---- C:\WINDOWS\system32\fbkdfcnk.ini
2007-12-11 18:50 . 2007-07-28 00:07 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-11 18:50 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-11 18:50 . 2007-07-27 23:57 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-11 18:50 . 2007-07-28 00:02 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-11 18:50 . 2007-07-28 00:02 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-11 18:50 . 2007-07-27 23:59 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-11 18:50 . 2007-07-27 23:58 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-11 18:50 . 2007-07-28 00:00 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-10 22:40 . 2007-12-10 22:40 <REP> d-------- C:\Documents and Settings\NONE\Application Data\Grisoft
2007-12-10 22:40 . 2007-12-10 22:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-10 22:40 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-10 20:43 . 2007-12-10 22:11 <REP> d-------- C:\VundoFix Backups
2007-12-10 20:19 . 2007-12-10 20:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-10 19:21 . 2007-12-10 19:22 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-10 15:42 . 2007-12-10 22:03 714 ---hs---- C:\WINDOWS\system32\vwtrgsnr.ini
2007-12-02 23:17 . 2007-12-02 23:17 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-29 13:22 . 2007-12-12 10:12 <REP> d-------- C:\WINDOWS\system32\daSgo01
2007-11-29 13:22 . 2007-12-12 15:32 <REP> d-------- C:\Temp
2007-11-14 19:13 . 2006-08-17 13:29 728,576 -----c--- C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-14 19:13 . 2006-08-17 13:29 332,288 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2007-11-14 19:13 . 2006-08-17 13:29 132,096 -----c--- C:\WINDOWS\system32\dllcache\wkssvc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 10:43 --------- d-----w C:\Documents and Settings\NONE\Application Data\OpenOffice.org2
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4dd43d5-f64a-435c-be76-fc2660092ef8}]
C:\WINDOWS\system32\olsmpylq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F544C93C-5555-4DD0-946D-4F1B6DF4FC74}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 21:00]
"RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2000-10-16 08:37]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 18:51]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-08 23:53]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
S3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-04 09:24:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 15:34:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-12 15:35:53 - machine was rebooted
.
2007-12-02 21:01:03 --- E O F ---

Antivir

AntiVir PersonalEdition Classic
Report file date: mercredi 12 décembre 2007 15:59

Scanning for 971335 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SAM

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 14:59:13
ANTIVIR3.VDF : 7.0.1.79 213504 Bytes 12/12/2007 14:59:13
AVEWIN32.DLL : 7.6.0.40 3064320 Bytes 12/12/2007 14:59:13
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 12 décembre 2007 15:59

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'quickset.exe' - '1' Module(s) have been scanned
Scan process 'rmctrl.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\qoobox\Quarantine\catchme2007-12-12_153430.28.zip
[0] Archive type: ZIP
--> mllmj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d3fb1a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mllmj.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47cbfbc4.qua'!

End of the scan: mercredi 12 décembre 2007 16:24
Used time: 24:53 min

The scan has been done completely.

3806 Scanning directories
139984 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
139982 Files not concerned
1324 Archives were scanned
1 Warnings
0 Notes

Hijackthis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:18, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: {8fe29006-62cf-67eb-c534-a46f5d34dd4d} - {d4dd43d5-f64a-435c-be76-fc2660092ef8} - C:\WINDOWS\system32\olsmpylq.dll (file missing)
O2 - BHO: (no name) - {F544C93C-5555-4DD0-946D-4F1B6DF4FC74} - \
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok
delete what is in quarantine by going to My Computer, then C, then qoobox

C:\qoobox\Quarantine\

______________

delete what is in quarantine in AntiVir

______________

scan these two files on VirusTotal and paste me the reports: https://www.virustotal.com/gui/

C:\WINDOWS\system32\fbkdfcnk.ini
C:\WINDOWS\system32\vwtrgsnr.ini
0
tomeke Posts: 9 Status: Member
 
Hi,

Here are the 2 reports:

C:\WINDOWS\system32\fbkdfcnk.ini

File fbkdfcnk.ini_ received on 12.12.2007 19:41:13 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.12.11 2007.12.12 -
AntiVir 7.6.0.40 2007.12.12 -
Authentium 4.93.8 2007.12.11 -
Avast 4.7.1098.0 2007.12.11 -
AVG 7.5.0.503 2007.12.12 -
BitDefender 7.2 2007.12.12 -
CAT-QuickHeal 9.00 2007.12.12 -
ClamAV 0.91.2 2007.12.12 -
DrWeb 4.44.0.09170 2007.12.12 -
eSafe 7.0.15.0 2007.12.12 -
eTrust-Vet 31.3.5371 2007.12.12 -
Ewido 4.0 2007.12.12 -
FileAdvisor 1 2007.12.12 -
Fortinet 3.14.0.0 2007.12.12 -
F-Prot 4.4.2.54 2007.12.11 -
F-Secure 6.70.13030.0 2007.12.12 -
Ikarus T3.1.1.12 2007.12.12 -
Kaspersky 7.0.0.125 2007.12.12 -
McAfee 5183 2007.12.11 -
Microsoft 1.3007 2007.12.12 -
NOD32v2 2719 2007.12.12 -
Norman 5.80.02 2007.12.12 -
Panda 9.0.0.4 2007.12.12 -
Prevx1 V2 2007.12.12 -
Rising 20.22.22.00 2007.12.12 -
Sophos 4.24.0 2007.12.12 -
Sunbelt 2.2.907.0 2007.12.12 -
Symantec 10 2007.12.12 -
TheHacker 6.2.9.156 2007.12.12 -
VBA32 3.12.2.5 2007.12.10 -
VirusBuster 4.3.26:9 2007.12.12 -
Webwasher-Gateway 6.0.1 2007.12.12 -
Additional information
File size: 913040 bytes
MD5: f1549e067733d2ae107ea2a7527db514
SHA1: d09ff047b0358840931b179f8d9c1fe8b6797a19
PEiD: -

C:\WINDOWS\system32\vwtrgsnr.ini

Fichier vwtrgsnr.ini reçu le 2007.12.12 22:03:23 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.12.12.11 2007.12.12 -
AntiVir 7.6.0.40 2007.12.12 -
Authentium 4.93.8 2007.12.12 -
Avast 4.7.1098.0 2007.12.11 -
AVG 7.5.0.503 2007.12.12 -
BitDefender 7.2 2007.12.12 -
CAT-QuickHeal 9.00 2007.12.12 -
ClamAV 0.91.2 2007.12.12 -
DrWeb 4.44.0.09170 2007.12.12 -
eSafe 7.0.15.0 2007.12.12 -
eTrust-Vet 31.3.5371 2007.12.12 -
Ewido 4.0 2007.12.12 -
FileAdvisor 1 2007.12.12 -
Fortinet 3.14.0.0 2007.12.12 -
F-Prot 4.4.2.54 2007.12.12 -
F-Secure 6.70.13030.0 2007.12.12 -
Ikarus T3.1.1.12 2007.12.12 -
Kaspersky 7.0.0.125 2007.12.12 -
McAfee 5183 2007.12.11 -
Microsoft 1.3007 2007.12.12 -
NOD32v2 2719 2007.12.12 -
Norman 5.80.02 2007.12.12 -
Panda 9.0.0.4 2007.12.12 -
Prevx1 V2 2007.12.12 -
Rising 20.22.22.00 2007.12.12 -
Sophos 4.24.0 2007.12.12 -
Sunbelt 2.2.907.0 2007.12.12 -
Symantec 10 2007.12.12 -
TheHacker 6.2.9.156 2007.12.12 -
VBA32 3.12.2.5 2007.12.10 -
VirusBuster 4.3.26:9 2007.12.12 -
Webwasher-Gateway 6.6.2 2007.12.12 -
Information additionnelle
File size: 714 bytes
MD5: 812b3b15aa07a62528878e53add0c6ba
SHA1: 54f8e1dbd829cc30cc57ae5e1e6c16d2aeb6a03e
PEiD: -

Does that mean the PC is disinfected?
0

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
clean your registry with RegCleaner
http://manuelsdaide.com/RegCleaner/RegCleaner.htm

_________________

paste a new HijackThis and ComboFix report and tell me your problems

to protect your computer for free

http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
AD AWARE + SPYBOT +/- if Spybot's TeaTimer is not enabled: WINDOWS DEFENDER or SPYWARE TERMINATOR

+
SPYWAREBLASTER to immunise the system, notably against the Vundo you had!!! but in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunise)...

Note: Spybot and Ad-Aware have released new versions this year, check that you have the latest version
--------
a firewall:
the Windows one or, better, KERIO or JETICO or ZONE ALARM (install only the free firewall)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------

CCLEANER to erase browsing traces
0
tomeke Posts: 9 Status: Member
 
Hi,

Here are the reports. I no longer have any problems.

Thanks for your advice!

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:26:57, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: {8fe29006-62cf-67eb-c534-a46f5d34dd4d} - {d4dd43d5-f64a-435c-be76-fc2660092ef8} - C:\WINDOWS\system32\olsmpylq.dll (file missing)
O2 - BHO: (no name) - {F544C93C-5555-4DD0-946D-4F1B6DF4FC74} - \
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

O2 - BHO: {8fe29006-62cf-67eb-c534-a46f5d34dd4d} - {d4dd43d5-f64a-435c-be76-fc2660092ef8} - C:\WINDOWS\system32\olsmpylq.dll (file missing)
O2 - BHO: (no name) - {F544C93C-5555-4DD0-946D-4F1B6DF4FC74} - \
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

_____________________

Open Notepad (right-click on the desktop > in the menu that appears choose New, then New Text Document) and copy-paste what is quoted below (copy it all in one go, without the bars (X)):

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4dd43d5-f64a-435c-be76-fc2660092ef8}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX X

note: REGEDIT4 must be on the first line in Notepad, and there is a blank line at the end

Then click "File" / "Save as":
Save in: the desktop
File name: fix.reg
Save as type: "all files"
click "save"

once saved it should look like this:

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

disconnect from the internet and double-click fix.reg => you must get the message "Are you sure you want to add the information in this .reg file to the registry?"
If that is the case, click "yes"

paste ComboFix again

to protect your computer for free

https://www.commentcamarche.net/telecharger/ 4 securite

install an antivirus

AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
AD AWARE + SPYBOT +/- if Spybot's TeaTimer is not enabled: WINDOWS DEFENDER or SPYWARE TERMINATOR

+
SPYWAREBLASTER to immunise the system, notably against the Vundo you had!!! but in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunise)...

Note: Spybot and Ad-Aware have released new versions this year, check that you have the latest version
--------
a firewall:
the Windows one or, better, KERIO or JETICO or ZONE ALARM (install only the free firewall)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER to erase browsing traces
0
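As an added example that is not part of the original thread: a small Python script that applies the same triage the helper does by hand to a HijackThis log (an O2 BHO with no name, a bare-GUID name or a missing DLL, and any O15 Trusted Zone entry), run over a few lines copied from the log above. The flagging rules and the Finding class are this example's own assumptions, not part of HijackThis.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {8fe29006-62cf-67eb-c534-a46f5d34dd4d} - {d4dd43d5-f64a-435c-be76-fc2660092ef8} - C:\WINDOWS\system32\olsmpylq.dll (file missing)
O2 - BHO: (no name) - {F544C93C-5555-4DD0-946D-4F1B6DF4FC74} - \
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
"""

GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # why the line deserves a look (assumed rules, see lead-in)
    line: str      # the original log line

def parse_bho(line):
    """Split 'O2 - BHO: <name> - {CLSID} - <dll path>' into its three fields."""
    body = line[len("O2 - BHO: "):]
    name, _, rest = body.partition(" - ")
    clsid, _, path = rest.partition(" - ")
    return name, clsid, path.strip()

def triage_hijackthis(log_text):
    """Return the lines a helper would single out, with the rule(s) that fired."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O2 - BHO: "):
            name, _clsid, path = parse_bho(line)
            reasons = []
            if name == "(no name)":
                reasons.append("BHO has no name")
            if GUID_RE.match(name):
                reasons.append("BHO name is a bare GUID")
            if path.endswith("(file missing)"):
                reasons.append("BHO DLL is missing on disk")
            if path in ("", "\\"):
                reasons.append("BHO has no DLL path")
            if reasons:
                findings.append(Finding("O2", "; ".join(reasons), line))
        elif line.startswith("O15 - Trusted Zone: "):
            # Trusted Zone sites get relaxed IE settings; both HKCU and HKLM copies are listed.
            domain = line[len("O15 - Trusted Zone: "):].replace(" (HKLM)", "")
            findings.append(Finding("O15", f"{domain} is in the IE Trusted Zone", line))
    return findings

if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```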
tomeke Posts: 9 Status: Member
 
Hi

I followed your advice, but when I open fix.reg it does ask me the question, but then a box opens with the following message:

editeur du registre

impossible d importer C:\Documents and settings\NONE\Bureau\fix.reg : erreur d'accès au Registre.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
no problem, run RegCleaner again to clean the registry
and you're done!
0
tomeke Posts: 9 Status: Member
 
ok,

A very big thank you to you! Thanks for all this good advice!
0