Vundo Ge impossible to remove.. please help me

Solved
docjol - Posts: 20 - Status: Member
ep44 - Posts: 7393 - Status: Contributor
Hello,
I have a big problem with the Vundo Ge trojan, which AntiVir detects in the file systeme32\wvwwv.dll but which is impossible to quarantine or delete.
Curiously, VundoFix finds it in mljgdaw.dll...
I am forced to disable my AntiVir antivirus to avoid getting unwanted messages telling me that I am infected.
Following the advice given on your forum, I ran VundoFix, Virtumundo and ComboFix.
I am attaching the reports, hoping that you will be able to help me eradicate this software, which is terribly disrupting my professional activity.
Thank you in advance.

Vundofix
VundoFix V6.7.7

Checking Java version...

Scan started at 02:56:36 27/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\mljgdaw.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljgdaw.dll
C:\WINDOWS\system32\mljgdaw.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Virtumundo

[12/27/2007, 3:41:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Joly\Local Settings\Temporary Internet Files\Content.IE5\WVSXCD4J\VirtumundoBeGone[1].exe" )
[12/27/2007, 3:41:18] - Detected System Information:
[12/27/2007, 3:41:18] - Windows Version: 5.1.2600, Service Pack 2
[12/27/2007, 3:41:18] - Current Username: Joly (Admin)
[12/27/2007, 3:41:18] - Windows is in NORMAL mode.
[12/27/2007, 3:41:18] - Searching for Browser Helper Objects:
[12/27/2007, 3:41:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[12/27/2007, 3:41:18] - BHO 2: {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} (Download Manager Browser Helper Object)
[12/27/2007, 3:41:18] - BHO 3: {5C51A58C-15C3-4151-9C2D-98DB5C4A2B6D} ()
[12/27/2007, 3:41:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/27/2007, 3:41:18] - Checking for HKLM\...\Winlogon\Notify\wvwwv
[12/27/2007, 3:41:18] - Key not found: HKLM\...\Winlogon\Notify\wvwwv, continuing.
[12/27/2007, 3:41:18] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/27/2007, 3:41:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/27/2007, 3:41:18] - Checking for HKLM\...\Winlogon\Notify\mljgdaw
[12/27/2007, 3:41:18] - Found: HKLM\...\Winlogon\Notify\mljgdaw - This is probably Virtumundo.
[12/27/2007, 3:41:18] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/27/2007, 3:41:18] - BHO list has been changed! Starting over...
[12/27/2007, 3:41:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[12/27/2007, 3:41:18] - BHO 2: {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} (Download Manager Browser Helper Object)
[12/27/2007, 3:41:18] - BHO 3: {5C51A58C-15C3-4151-9C2D-98DB5C4A2B6D} ()
[12/27/2007, 3:41:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/27/2007, 3:41:18] - Checking for HKLM\...\Winlogon\Notify\wvwwv
[12/27/2007, 3:41:18] - Key not found: HKLM\...\Winlogon\Notify\wvwwv, continuing.
[12/27/2007, 3:41:18] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[12/27/2007, 3:41:18] - ALERT: Found MSEvents Object!
[12/27/2007, 3:41:18] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/27/2007, 3:41:18] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/27/2007, 3:41:18] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/27/2007, 3:41:18] - Finished Searching Browser Helper Objects
[12/27/2007, 3:41:18] - *** Detected MSEvents Object
[12/27/2007, 3:41:18] - Trying to remove MSEvents Object...
[12/27/2007, 3:41:19] - Terminating Process: IEXPLORE.EXE
[12/27/2007, 3:41:19] - Terminating Process: RUNDLL32.EXE
[12/27/2007, 3:41:20] - Disabling Automatic Shell Restart
[12/27/2007, 3:41:20] - Terminating Process: EXPLORER.EXE
[12/27/2007, 3:41:20] - Suspending the NT Session Manager System Service
[12/27/2007, 3:41:20] - Terminating Windows NT Logon/Logoff Manager
[12/27/2007, 3:41:21] - Re-enabling Automatic Shell Restart
[12/27/2007, 3:41:21] - File to disable: C:\WINDOWS\system32\mljgdaw.dll
[12/27/2007, 3:41:21] - Renaming C:\WINDOWS\system32\mljgdaw.dll -> C:\WINDOWS\system32\mljgdaw.dll.vir
[12/27/2007, 3:41:21] - File successfully renamed!
[12/27/2007, 3:41:21] - Removing HKLM\...\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/27/2007, 3:41:21] - Removing HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/27/2007, 3:41:21] - Adding Kill Bit for ActiveX for GUID: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/27/2007, 3:41:21] - Deleting ATLEvents/MSEvents Registry entries
[12/27/2007, 3:41:21] - Removing HKLM\...\Winlogon\Notify\mljgdaw
[12/27/2007, 3:41:22] - Searching for Browser Helper Objects:
[12/27/2007, 3:41:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[12/27/2007, 3:41:22] - BHO 2: {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} (Download Manager Browser Helper Object)
[12/27/2007, 3:41:22] - BHO 3: {5C51A58C-15C3-4151-9C2D-98DB5C4A2B6D} ()
[12/27/2007, 3:41:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/27/2007, 3:41:22] - Checking for HKLM\...\Winlogon\Notify\wvwwv
[12/27/2007, 3:41:22] - Key not found: HKLM\...\Winlogon\Notify\wvwwv, continuing.
[12/27/2007, 3:41:22] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/27/2007, 3:41:22] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/27/2007, 3:41:22] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/27/2007, 3:41:22] - Finished Searching Browser Helper Objects
[12/27/2007, 3:41:22] - Finishing up...
[12/27/2007, 3:41:22] - A restart is needed.
[12/27/2007, 3:41:29] - Attempting to Restart via STOP error (Blue Screen!)

and ComboFix
ComboFix 07-12-21.4 - Joly 2007-12-27 4:13:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.474 [GMT 1:00]
Running from: C:\Documents and Settings\Joly\Local Settings\Temporary Internet Files\Content.IE5\WVSXCD4J\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Bureau\webmediaplayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\Conditions générales.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\Confidentialité.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\Website.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
c:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew.dat
C:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew.exe
c:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew_nav.dat
c:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew_navps.dat
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Conditions générales.url
C:\Program Files\webmediaplayer\Confidentialité.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\Website.url
C:\WINDOWS\system32\nvs2.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))))))))
.

2007-12-27 02:56 . 2007-12-27 02:56 <REP> d-------- C:\VundoFix Backups
2007-12-27 02:37 . 2007-12-27 02:37 <REP> d-------- C:\Program Files\Spyware-Secure
2007-12-26 15:57 . 2007-12-26 15:57 <REP> d-------- C:\Documents and Settings\Joly\Application Data\Apple Computer
2007-12-25 00:53 . 2007-12-25 00:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 23:58 . 2007-12-24 23:58 <REP> d-------- C:\WINDOWS\report
2007-12-24 23:57 . 2007-12-24 23:44 40,242,225 --a------ C:\WINDOWS\LPT$VPN.905
2007-12-24 23:44 . 2007-12-24 23:44 <REP> d-------- C:\WINDOWS\AU_Backup
2007-12-24 23:44 . 2007-12-24 23:44 40,242,225 --a------ C:\WINDOWS\VPTNFILE.905
2007-12-24 23:44 . 2007-12-24 23:44 1,906,226 --a------ C:\WINDOWS\tsc.ptn
2007-12-24 23:44 . 2007-12-24 23:44 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-12-24 23:44 . 2007-12-24 23:44 267,845 --a------ C:\WINDOWS\tsc.exe
2007-12-24 23:44 . 2007-12-24 23:44 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-12-24 23:44 . 2007-12-24 23:44 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-12-24 23:44 . 2007-12-24 23:59 823 --a------ C:\WINDOWS\tsc.ini
2007-12-24 23:40 . 2007-12-24 23:44 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-24 23:40 . 2007-12-24 23:40 <REP> d-------- C:\WINDOWS\AU_Log
2007-12-24 23:40 . 2007-12-24 23:40 170 --a------ C:\WINDOWS\GetServer.ini
2007-12-24 23:39 . 2007-12-24 23:39 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-12-24 23:39 . 2007-12-24 23:39 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-12-24 23:39 . 2007-12-24 23:39 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-12-24 08:42 . 2007-12-24 08:42 15 --a------ C:\WINDOWS\system32\90c6198b
2007-12-23 11:39 . 2007-12-26 13:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-23 11:39 . 2007-12-23 11:39 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 20:39 . 2007-12-27 04:21 9,486 --ahs---- C:\WINDOWS\system32\vwwvw.ini
2007-12-20 20:39 . 2007-12-27 04:19 9,384 --ahs---- C:\WINDOWS\system32\vwwvw.ini2
2007-12-20 20:04 . 2007-12-23 01:26 314,624 --------- C:\WINDOWS\system32\wvwwv.dll
2007-12-20 19:58 . 2007-12-20 19:58 24,304 --a------ C:\WINDOWS\system32\mljgdaw.dll.vir
2007-12-20 19:56 . 2007-12-20 19:56 <REP> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 01:22 --------- d-----w C:\Program Files\Mindscape
2007-12-27 01:21 --------- d-----w C:\Program Files\eMule
2007-12-27 01:21 --------- d-----w C:\Program Files\Azureus
2007-12-26 19:05 --------- d-----w C:\Documents and Settings\Joly\Application Data\Azureus
2007-12-25 02:10 --------- d-----w C:\Program Files\Everest Poker
2007-12-24 22:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 07:22 --------- d-----w C:\Program Files\Google
2007-12-17 19:30 --------- d-----w C:\Program Files\Java
2007-11-25 23:38 --------- d-----w C:\Documents and Settings\Joly\Application Data\Nokia Multimedia Player
2007-11-25 20:55 --------- d-----w C:\Documents and Settings\Joly\Application Data\PC Suite
2007-11-25 20:52 --------- d-----w C:\Documents and Settings\Joly\Application Data\Nokia
2007-11-25 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-25 20:41 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2007-11-25 20:40 --------- d-----w C:\Program Files\Nokia
2007-11-25 20:40 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2007-11-25 20:39 --------- d-----w C:\Program Files\DIFX
2007-11-25 20:36 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-25 20:36 --------- d-----w C:\Program Files\7-Zip
2007-11-25 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-11-25 14:03 --------- d-----w C:\Program Files\Panda Security
2007-11-25 13:11 --------- d-----w C:\Documents and Settings\Joly\Application Data\DivX
2007-11-25 13:07 --------- d-----w C:\Program Files\DivX
2007-11-25 10:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-17 15:24 --------- d-----w C:\Program Files\QuickTime
2007-11-17 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-11 13:02 283,648 ----a-w C:\WINDOWS\uninst.exe
2007-11-11 10:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-08 16:12 --------- d-----w C:\Program Files\IncrediMail
2007-11-04 10:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-03 18:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-03 17:54 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ADA475-622F-45F7-A4DA-22D688460D19}]
2007-12-23 01:26 314624 --------- C:\WINDOWS\system32\wvwwv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-08-05 14:01]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-20 23:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" []
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 14:53]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [2004-04-28 13:02]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-19 01:18]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-12 19:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\wvwwv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk
backup=C:\WINDOWS\pss\Docteur Club Internet.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
C:\WINDOWS\Temp\RecoverFromReboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 --a------ C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Workflow]
D:\install\Workflow.exe

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 09:42]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-04-21 12:33]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2005-01-27 21:24]
S3 W8335XP;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys [2004-12-24 07:43]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 04:20:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\wvwwv.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\wvwwv.dll
.
Completion time: 2007-12-27 4:22:28 - machine was rebooted

30 replies

docjol - Posts: 20 - Status: Member

I added the 2 files in VundoFix, then Remove.
The tool does indeed ask for a restart, then nothing, no report.
Do I need to run VundoFix again for the report?

ep44 - Posts: 7393 - Status: Contributor

Look in C:

docjol - Posts: 20 - Status: Member

This is all I found:
Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Scan started at 16:42:34 01/01/2008

Listing files found while scanning....

Do you know Azureus?
When I launch it to download torrents, after a few minutes the machine reboots.
Do you think the virus is the cause?

ep44 - Posts: 7393 - Status: Contributor

No, because I don't do peer-to-peer.

Be careful precisely with this kind of practice:
a very sure way to get infected ;-)

Run ComboFix again to see.

docjol - Posts: 20 - Status: Member

True, but I thought AntiVir was able to protect me.
First, here is a report from my antivirus, which found Vundo again in another directory, apparently destroyed.
I'll run ComboFix next..


AntiVir PersonalEdition Classic
Report file date: mardi 1 janvier 2008 17:26

Scanning for 996949 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: JOLY-76DB3399B9

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 06/09/2007 20:43:47
AVSCAN.DLL : 7.0.6.0 49192 Bytes 06/09/2007 20:43:47
LUKE.DLL : 7.0.5.3 147496 Bytes 06/09/2007 20:43:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 06/09/2007 20:43:48
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 22:09:57
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 07:39:22
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 16:31:05
ANTIVIR3.VDF : 7.0.1.181 36352 Bytes 31/12/2007 16:31:06
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 20/12/2007 19:39:19
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 06/09/2007 20:43:47
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 20/12/2007 19:39:21
AVREG.DLL : 7.0.1.6 30760 Bytes 06/09/2007 20:43:47
AVARKT.DLL : 1.0.0.20 278568 Bytes 06/09/2007 20:43:42
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 06/09/2007 20:43:43
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 06/09/2007 20:43:33
RCTEXT.DLL : 7.0.62.0 86056 Bytes 06/09/2007 20:43:33
SQLITE3.DLL : 3.3.17.1 339968 Bytes 06/09/2007 20:43:48

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 1 janvier 2008 17:26

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'RtWLan.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'RtlWake.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'Reader_SL.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'SetIcon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{1B69B5DB-44A6-4E35-B458-780579A32FC9}\RP231\A0095214.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!


End of the scan: mardi 1 janvier 2008 23:43
Used time: 6:16:29 min

The scan has been done completely.

3716 Scanning directories
249132 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
249131 Files not concerned
1983 Archives were scanned
2 Warnings
3 Notes

docjol - Posts: 20 - Status: Member

I still have this TR/Inject.PH that appears in a temp file, which I delete but which comes back.

ComboFix 07-12-21.4 - Joly 2008-01-01 23:47:17.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.406 [GMT 1:00]
Running from: C:\Documents and Settings\Joly\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))))))))
.

2007-12-30 14:56 . 2007-12-31 01:51 <REP> d-------- C:\Program Files\Trend Micro
2007-12-27 02:56 . 2008-01-01 16:42 <REP> d-------- C:\VundoFix Backups
2007-12-27 02:37 . 2007-12-27 02:37 <REP> d-------- C:\Program Files\Spyware-Secure
2007-12-26 15:57 . 2007-12-26 15:57 <REP> d-------- C:\Documents and Settings\Joly\Application Data\Apple Computer
2007-12-25 00:53 . 2007-12-25 00:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 23:58 . 2007-12-24 23:58 <REP> d-------- C:\WINDOWS\report
2007-12-24 23:57 . 2007-12-24 23:44 40,242,225 --a------ C:\WINDOWS\LPT$VPN.905
2007-12-24 23:44 . 2007-12-24 23:44 <REP> d-------- C:\WINDOWS\AU_Backup
2007-12-24 23:44 . 2007-12-24 23:44 40,242,225 --a------ C:\WINDOWS\VPTNFILE.905
2007-12-24 23:44 . 2007-12-24 23:44 1,906,226 --a------ C:\WINDOWS\tsc.ptn
2007-12-24 23:44 . 2007-12-24 23:44 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-12-24 23:44 . 2007-12-24 23:44 267,845 --a------ C:\WINDOWS\tsc.exe
2007-12-24 23:44 . 2007-12-24 23:44 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-12-24 23:44 . 2007-12-24 23:44 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-12-24 23:44 . 2007-12-24 23:59 823 --a------ C:\WINDOWS\tsc.ini
2007-12-24 23:40 . 2007-12-24 23:44 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-24 23:40 . 2007-12-24 23:40 <REP> d-------- C:\WINDOWS\AU_Log
2007-12-24 23:40 . 2007-12-24 23:40 170 --a------ C:\WINDOWS\GetServer.ini
2007-12-24 23:39 . 2007-12-24 23:39 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-12-24 23:39 . 2007-12-24 23:39 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-12-24 23:39 . 2007-12-24 23:39 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-12-24 08:42 . 2007-12-24 08:42 15 --a------ C:\WINDOWS\system32\90c6198b
2007-12-23 11:39 . 2008-01-01 15:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-23 11:39 . 2007-12-23 11:39 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 19:56 . 2007-12-20 19:56 <REP> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 16:23 --------- d-----w C:\Documents and Settings\Joly\Application Data\Azureus
2007-12-31 01:00 --------- d-----w C:\Program Files\Everest Poker
2007-12-30 21:28 --------- d-----w C:\Program Files\eMule
2007-12-30 13:42 --------- d-----w C:\Program Files\Azureus
2007-12-27 01:22 --------- d-----w C:\Program Files\Mindscape
2007-12-24 22:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 07:22 --------- d-----w C:\Program Files\Google
2007-12-17 19:30 --------- d-----w C:\Program Files\Java
2007-11-25 23:38 --------- d-----w C:\Documents and Settings\Joly\Application Data\Nokia Multimedia Player
2007-11-25 20:55 --------- d-----w C:\Documents and Settings\Joly\Application Data\PC Suite
2007-11-25 20:52 --------- d-----w C:\Documents and Settings\Joly\Application Data\Nokia
2007-11-25 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-25 20:41 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2007-11-25 20:40 --------- d-----w C:\Program Files\Nokia
2007-11-25 20:40 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2007-11-25 20:39 --------- d-----w C:\Program Files\DIFX
2007-11-25 20:36 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-25 20:36 --------- d-----w C:\Program Files\7-Zip
2007-11-25 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-11-25 14:03 --------- d-----w C:\Program Files\Panda Security
2007-11-25 13:11 --------- d-----w C:\Documents and Settings\Joly\Application Data\DivX
2007-11-25 13:07 --------- d-----w C:\Program Files\DivX
2007-11-25 10:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-17 15:24 --------- d-----w C:\Program Files\QuickTime
2007-11-17 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-11 13:02 283,648 ----a-w C:\WINDOWS\uninst.exe
2007-11-11 10:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-08 16:12 --------- d-----w C:\Program Files\IncrediMail
2007-11-03 18:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-03 17:54 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-08-05 14:01]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-20 23:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 14:53]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [2004-04-28 13:02]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-19 01:18]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-12 19:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk
backup=C:\WINDOWS\pss\Docteur Club Internet.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
C:\WINDOWS\Temp\RecoverFromReboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 --a------ C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Workflow]
D:\install\Workflow.exe

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 09:42]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-04-21 12:33]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2005-01-27 21:24]
S3 W8335XP;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys [2004-12-24 07:43]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 23:52:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 23:54:10 - machine was rebooted
0
ep44 Posts 7393 Registration date   Status Contributor Last activity   3
 
C:\System Volume Information\_restore{1B69B5DB-44A6-4E35-B458-780579A32FC9}\RP231\A0095214.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted! 


Here is what your last report says:
the folder was deleted.

Do this:
=> Start
=> Run
=> type %temp%
=> empty its contents
If it won't empty, do it in safe mode.

Then go to c:/windows/temp and empty its contents.

Then go to c:/windows/prefetch and empty its contents.

Then run another scan with your antivirus in safe mode.

See you later
0
docjol Posts 20 Registration date   Status Member Last activity  
 
Impossible to read the contents of type %temp%, and therefore to empty it, even in safe mode.
I then emptied the 2 Windows folders.
Here is the AntiVir report in safe mode.


AntiVir PersonalEdition Classic
Report file date: mercredi 2 janvier 2008 14:16

Scanning for 996949 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Joly
Computer name: JOLY-76DB3399B9

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 06/09/2007 20:43:47
AVSCAN.DLL : 7.0.6.0 49192 Bytes 06/09/2007 20:43:47
LUKE.DLL : 7.0.5.3 147496 Bytes 06/09/2007 20:43:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 06/09/2007 20:43:48
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 22:09:57
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 07:39:22
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 16:31:05
ANTIVIR3.VDF : 7.0.1.181 36352 Bytes 31/12/2007 16:31:06
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 20/12/2007 19:39:19
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 06/09/2007 20:43:47
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 20/12/2007 19:39:21
AVREG.DLL : 7.0.1.6 30760 Bytes 06/09/2007 20:43:47
AVARKT.DLL : 1.0.0.20 278568 Bytes 06/09/2007 20:43:42
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 06/09/2007 20:43:43
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 06/09/2007 20:43:33
RCTEXT.DLL : 7.0.62.0 86056 Bytes 06/09/2007 20:43:33
SQLITE3.DLL : 3.3.17.1 339968 Bytes 06/09/2007 20:43:48

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 2 janvier 2008 14:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Joly\Local Settings\Temporary Internet Files\Content.IE5\WPQVWXQZ\club-internet[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[INFO] The file was moved to '47f091d8.qua'!


End of the scan: mercredi 2 janvier 2008 15:00
Used time: 44:12 min

The scan has been done completely.

3724 Scanning directories
246448 Files were scanned
0 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
246448 Files not concerned
2030 Archives were scanned
1 Warnings
3 Notes
0
ctoutmoi
 
Well, I didn't know you were so good with computers! Don't use Azureus any more; when I download with it, my computer slows to a crawl too!
0
ep44 Posts 7393 Registration date   Status Contributor Last activity   3
 
Good evening docjol,

Do this:
=> My Computer
=> c:
=> Documents and Settings
=> click on the user name
=> then go to Tools
=> hidden folder options
=> View
=> and check "show hidden folders"
=> open Local Settings
=> temp file, and empty its contents
If it won't empty, try in safe mode.

If it still won't, try this: http://www.atribune.org/ccount/click.php?id=1
Check everything and click on empty selected.
See you later
0
ep44 Posts 7393 Registration date   Status Contributor Last activity   3
 
--
It's usually when the hard drive crashes that you realize you forgot to back it up.
0