Win32:tratHBO help!!!

Closed
v1n3ss0 Posts 68 Registration date Monday 21 January 2008 Status Member Last seen 11 July 2012 - 25 Jan 2008 at 19:40
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014 - 26 Jan 2008 at 07:51
Hello,
I am infected with this trojan, which is very annoying because it is hard to remove. I have noticed that I am not the only one in this situation; the trojan seems to be in fashion at the moment. From what I have seen with the other infected users, the procedure is specific to each case, so I am taking the liberty of creating a topic for myself. So here it is: my antivirus is Avira AntiVir PE. I downloaded HijackThis and I am posting the report in this message to save time. Thank you very much in advance for helping me, because these reports are really hard to decipher for novices like me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:38, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllji.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F1CE1D3-7143-4BB1-80A3-0190A52CDF48} - C:\WINDOWS\system32\xxywtur.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {D82B18D2-FB7A-4828-BB60-EDF46F7A9431} - C:\WINDOWS\system32\mllji.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F38CEF60-147C-405C-BB01-039502DBAB69} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S65.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O20 - Winlogon Notify: xxywtur - C:\WINDOWS\SYSTEM32\xxywtur.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

7 replies

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014
25 Jan 2008 at 19:45
Hi v1n3ss0.

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

@+
v1n3ss0 Posts 68 Registration date Monday 21 January 2008 Status Member Last seen 11 July 2012
25 Jan 2008 at 20:06
Here is the combofix report. Thanks a lot for your help!!

ComboFix 08-01-23.1C - Wesh ! 2008-01-25 19:52:10.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.59 [GMT 1:00]
Endroit: C:\Documents and Settings\Wesh !\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\ijllm.ini2
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\RCX25.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 19:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 16:36 . 2008-01-24 16:36 331,776 --a------ C:\WINDOWS\system32\ssqpp.VIR
2008-01-22 13:36 . 2007-01-23 19:02 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-21 22:15 . 2008-01-21 22:15 <REP> d-------- C:\Program Files\Avira
2008-01-21 21:43 . 2008-01-21 21:43 <REP> d-------- C:\Program Files\Trend Micro
2008-01-21 21:26 . 2008-01-21 21:26 334,848 --a------ C:\WINDOWS\system32\mllji.VIR
2008-01-21 20:43 . 2008-01-21 20:44 <REP> d-------- C:\Program Files\Panda Security
2008-01-13 00:20 . 2008-01-13 00:20 39,936 --------- C:\WINDOWS\system32\xxywtur.dll
2008-01-12 20:21 . 2008-01-22 21:45 39,936 --a------ C:\WINDOWS\system32\NTSpool.exe
2008-01-12 20:21 . 2008-01-12 20:24 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-01-09 11:47 . 2008-01-24 14:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-09 11:47 . 2008-01-09 11:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-04 00:04 . 2008-01-04 00:04 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-02 21:27 . 2008-01-03 01:09 <REP> d-------- C:\Program Files\Free Easy Burner
2008-01-02 21:27 . 2000-11-29 00:07 307,200 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-01-02 21:27 . 2006-11-18 10:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-01-02 21:27 . 1998-07-12 21:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-01-02 21:27 . 1999-03-25 17:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-01-02 21:27 . 2003-04-18 14:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-01-02 21:27 . 2003-04-18 14:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-01-02 21:27 . 1998-07-13 16:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-01-02 21:27 . 2003-01-26 11:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-01-02 21:27 . 1998-07-12 17:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-01-02 21:27 . 1998-07-12 21:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-01-02 20:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-02 20:46 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-02 20:46 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-02 20:46 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-28 18:14 . 2007-12-28 18:14 <REP> d-------- C:\Program Files\On2 Technologies
2007-12-28 18:14 . 2004-08-30 13:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-28 18:14 . 2004-08-30 13:23 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2007-12-28 18:14 . 2004-08-30 13:26 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2007-12-28 18:11 . 2007-12-28 18:11 <REP> d-------- C:\Program Files\Matroska Pack
2007-12-28 18:10 . 2007-12-28 18:10 <REP> d-------- C:\Program Files\XviD
2007-12-28 18:10 . 2007-12-28 18:10 <REP> d-------- C:\Program Files\x264
2007-12-28 18:10 . 2007-12-28 18:10 421,394 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-12-28 18:09 . 2008-01-02 21:43 10,022 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-28 18:09 . 2008-01-02 21:43 56 -r-hs---- C:\WINDOWS\system32\E5DFE12874.sys
2007-12-28 18:08 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-28 18:06 . 2007-12-28 18:06 <REP> d-------- C:\Program Files\Ripp-It Codec Pack
2007-12-28 18:00 . 2007-12-28 18:00 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-28 17:59 . 2008-01-02 22:55 <REP> d-------- C:\Program Files\Ripp-it_AM

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 18:56 --------- d-----w C:\Program Files\iTunes
2008-01-25 18:56 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-25 16:22 --------- d-----w C:\Program Files\Webtarot
2008-01-24 19:08 --------- d-----w C:\Program Files\MSN Messenger
2008-01-22 13:13 --------- d-----w C:\Program Files\QuickTime
2008-01-21 18:50 --------- d-----w C:\Program Files\eMule
2007-12-28 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 17:09 --------- d-----w C:\Program Files\DivX
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
.
----a-w 39,792 2008-01-23 18:02:15 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 249,896 2008-01-23 18:02:20 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w 171,464 2008-01-23 18:02:47 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 185,632 2008-01-23 18:02:12 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w 68,856 2008-01-23 18:02:30 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 267,064 2008-01-23 18:02:15 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-23 18:02:17 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2008-01-24 10:18:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 5,674,352 2008-01-23 01:42:57 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 15,360 2007-01-23 18:02:25 C:\WINDOWS\system32\ctfmon .exe
----a-w 131,072 2008-01-23 18:02:11 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBEE .EXE


((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F1CE1D3-7143-4BB1-80A3-0190A52CDF48}]
2008-01-13 00:20 39936 --------- C:\WINDOWS\system32\xxywtur.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D82B18D2-FB7A-4828-BB60-EDF46F7A9431}]
C:\WINDOWS\system32\mllji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F38CEF60-147C-405C-BB01-039502DBAB69}]
C:\WINDOWS\system32\ssqpp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-23 22:15 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]

C:\Documents and Settings\Wesh !\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe
"System Patcher"= BTCPatcher.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3F1CE1D3-7143-4BB1-80A3-0190A52CDF48}"= C:\WINDOWS\system32\xxywtur.dll [2008-01-13 00:20 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywtur]
xxywtur.dll 2008-01-13 00:20 39936 C:\WINDOWS\system32\xxywtur.dll


.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-20 10:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 19:58:55
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-25 20:03:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 19:02:51
.
2008-01-22 12:54:29 --- E O F ---
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014
25 Jan 2008 at 20:17
Re,

Firewall: Kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

or ZoneAlarm, easier to configure but less effective

http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html

Copy the text below:

File::
C:\WINDOWS\system32\xxywtur.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\mllji.VIR
C:\WINDOWS\system32\NTSpool.exe
C:\WINDOWS\system32\rar.exe
C:\WINDOWS\system32\ssqpp.VIR
C:\WINDOWS\system32\BTCPatcher.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F1CE1D3-7143-4BB1-80A3-0190A52CDF48}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D82B18D2-FB7A-4828-BB60-EDF46F7A9431}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F38CEF60-147C-405C-BB01-039502DBAB69}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"=-
"System Patcher"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3F1CE1D3-7143-4BB1-80A3-0190A52CDF48}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywtur]

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times: that is normal!

Do not touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no reboot, post the reports anyway.

@+
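As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that applies the same reading g!rly applied to the first HijackThis log before writing the CFScript: the F3 win.ini load= entry, the unnamed or file-missing O2 BHOs, the O4 Policies\Explorer\Run values with bare executable names, and the O20 Winlogon Notify hook, then correlates them by file stem. The sample log lines are constructed from the entries in this thread and the KNOWN_NOTIFY baseline is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format: the entries flagged in this
# thread plus two legitimate ones (Adobe BHO, ctfmon) for contrast.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllji.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F1CE1D3-7143-4BB1-80A3-0190A52CDF48} - C:\WINDOWS\system32\xxywtur.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D82B18D2-FB7A-4828-BB60-EDF46F7A9431} - C:\WINDOWS\system32\mllji.dll (file missing)
O2 - BHO: (no name) - {F38CEF60-147C-405C-BB01-039502DBAB69} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe
O20 - Winlogon Notify: xxywtur - C:\WINDOWS\SYSTEM32\xxywtur.dll
"""

# Assumed baseline of stock Windows XP Winlogon notification packages; any
# other name under Winlogon\Notify is worth a look (HJT hides most of these).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

_ENTRY = re.compile(r"^([RFO]\d+) - (.*)$")              # "O2 - BHO: ..." -> ("O2", "BHO: ...")
_PATH = re.compile(r"[A-Za-z]:\\\S+\.(?:dll|exe)", re.I)  # drive-letter path to a dll/exe


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section code, e.g. "O20"
    reason: str   # why the entry deserves review
    line: str     # the log line as written


def triage(log_text):
    """Return the entries a helper would examine first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "F3" and re.search(r"load=.*\\system32\\", body, re.I):
            findings.append(Finding(section, "win.ini load= autostart pointing into system32", line))
        elif section == "O2" and any(t in body for t in ("(no name)", "(file missing)", "(no file)")):
            findings.append(Finding(section, "unnamed or orphaned Browser Helper Object", line))
        elif section == "O4" and re.search(r"\\Policies\\Explorer\\Run:", body, re.I):
            findings.append(Finding(section, "Policies\\Explorer\\Run autostart with a bare executable name", line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            name = body.split(":", 1)[1].split(" - ")[0].strip().lower()
            if name not in KNOWN_NOTIFY:
                findings.append(Finding(section, "Winlogon Notify DLL outside the stock baseline", line))
    return findings


def candidate_paths(findings):
    """Files the flagged entries point at, lower-cased (Windows paths are
    case-insensitive), for a human to check before anything is removed."""
    paths = set()
    for f in findings:
        paths.update(p.lower() for p in _PATH.findall(f.line))
        if f.section == "O4":
            # A Policies\Explorer\Run value such as "NTSpool.exe" carries no directory:
            # it is resolved through the search path at logon, so only the name is known.
            paths.add(f.line.rsplit("] ", 1)[-1].strip().lower())
    return paths


def by_stem(findings):
    """Group flagged sections by file stem, so one component that persists through
    several mechanisms (here xxywtur: BHO + Winlogon Notify) stands out."""
    groups = {}
    for f in findings:
        for p in _PATH.findall(f.line):
            stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
            groups.setdefault(stem, set()).add(f.section)
    return groups


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("review:", sorted(candidate_paths(found)))
    print("multi-point persistence:", {k: sorted(v) for k, v in by_stem(found).items() if len(v) > 1})
```

The script only lists files for review; the removal decision stays with the person reading the log.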
v1n3ss0 Posts 68 Registration date Monday 21 January 2008 Status Member Last seen 11 July 2012
25 Jan 2008 at 21:10
The new Combofix report

ComboFix 08-01-23.1C - Wesh ! 2008-01-25 20:46:13.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.74 [GMT 1:00]
Endroit: C:\Documents and Settings\Wesh !\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Wesh !\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\WINDOWS\system32\BTCPatcher.exe
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mllji.VIR
C:\WINDOWS\system32\NTSpool.exe
C:\WINDOWS\system32\rar.exe
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.VIR
C:\WINDOWS\system32\xxywtur.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mllji.VIR
C:\WINDOWS\system32\NTSpool.exe
C:\WINDOWS\system32\rar.exe
C:\WINDOWS\system32\ssqpp.VIR
C:\WINDOWS\system32\xxywtur.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 20:27 . 2008-01-25 20:27 <REP> d-------- C:\Program Files\Kerio
2008-01-25 19:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 13:36 . 2007-01-23 19:02 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-21 22:15 . 2008-01-21 22:15 <REP> d-------- C:\Program Files\Avira
2008-01-21 21:43 . 2008-01-21 21:43 <REP> d-------- C:\Program Files\Trend Micro
2008-01-21 20:43 . 2008-01-21 20:44 <REP> d-------- C:\Program Files\Panda Security
2008-01-09 11:47 . 2008-01-24 14:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-09 11:47 . 2008-01-09 11:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-04 00:04 . 2008-01-04 00:04 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-02 21:27 . 2008-01-03 01:09 <REP> d-------- C:\Program Files\Free Easy Burner
2008-01-02 21:27 . 2000-11-29 00:07 307,200 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-01-02 21:27 . 2006-11-18 10:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-01-02 21:27 . 1998-07-12 21:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-01-02 21:27 . 1999-03-25 17:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-01-02 21:27 . 2003-04-18 14:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-01-02 21:27 . 2003-04-18 14:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-01-02 21:27 . 1998-07-13 16:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-01-02 21:27 . 2003-01-26 11:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-01-02 21:27 . 1998-07-12 17:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-01-02 21:27 . 1998-07-12 21:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-01-02 20:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-02 20:46 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-02 20:46 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-02 20:46 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-28 18:14 . 2007-12-28 18:14 <REP> d-------- C:\Program Files\On2 Technologies
2007-12-28 18:14 . 2004-08-30 13:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-28 18:14 . 2004-08-30 13:23 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2007-12-28 18:14 . 2004-08-30 13:26 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2007-12-28 18:11 . 2007-12-28 18:11 <REP> d-------- C:\Program Files\Matroska Pack
2007-12-28 18:10 . 2007-12-28 18:10 <REP> d-------- C:\Program Files\XviD
2007-12-28 18:10 . 2007-12-28 18:10 <REP> d-------- C:\Program Files\x264
2007-12-28 18:10 . 2007-12-28 18:10 421,394 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-12-28 18:09 . 2008-01-02 21:43 10,022 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-28 18:09 . 2008-01-02 21:43 56 -r-hs---- C:\WINDOWS\system32\E5DFE12874.sys
2007-12-28 18:08 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-28 18:06 . 2007-12-28 18:06 <REP> d-------- C:\Program Files\Ripp-It Codec Pack
2007-12-28 18:00 . 2007-12-28 18:00 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-28 17:59 . 2008-01-02 22:55 <REP> d-------- C:\Program Files\Ripp-it_AM

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 18:56 --------- d-----w C:\Program Files\iTunes
2008-01-25 18:56 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-25 16:22 --------- d-----w C:\Program Files\Webtarot
2008-01-24 19:08 --------- d-----w C:\Program Files\MSN Messenger
2008-01-22 13:13 --------- d-----w C:\Program Files\QuickTime
2008-01-21 18:50 --------- d-----w C:\Program Files\eMule
2007-12-28 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 17:09 --------- d-----w C:\Program Files\DivX
.
----a-w 39,792 2008-01-23 18:02:15 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 249,896 2008-01-23 18:02:20 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w 171,464 2008-01-23 18:02:47 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 185,632 2008-01-23 18:02:12 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w 68,856 2008-01-23 18:02:30 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 267,064 2008-01-23 18:02:15 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-23 18:02:17 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2008-01-24 10:18:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 5,674,352 2008-01-23 01:42:57 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 15,360 2007-01-23 18:02:25 C:\WINDOWS\system32\ctfmon .exe
----a-w 131,072 2008-01-23 18:02:11 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBEE .EXE


((((((((((((((((((((((((((((( snapshot@2008-01-25_20.02.21.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 18:50:31 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 19:45:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 18:50:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 19:45:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 18:50:31 3,256,320 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-25 19:45:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 18:50:32 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 19:45:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 18:50:32 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-25 19:45:43 3,268,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-25 18:50:32 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 19:45:43 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2004-04-15 10:02:56 147,456 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-23 22:15 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]

C:\Documents and Settings\Wesh !\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-04-15 11:02]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-20 10:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 21:03:49
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-25 21:08:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 20:08:12
ComboFix2.txt 2008-01-25 19:03:00
.
2008-01-22 12:54:29 --- E O F ---




The HJT report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:12, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
0

g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last post 30 November 2014 406
25 Jan. 2008 at 21:22
ok

that's much better, Avira must have calmed down, right?

now:

you browse with Internet Explorer 6.0 = major security holes

so run the Windows updates: you want version 7.0

and why not browse with Firefox? = safer, while keeping IE 7.0 for Windows updates, since they cannot be done under Firefox

http://www.firefox.fr/

your version of Acrobat Reader is not up to date, you want version 8.1, the latest, so uninstall your version via Control Panel / Add or Remove Programs

and install the latest one:

https://get2.adobe.com/reader/otherversions/

or Foxit, which is lighter:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

anti-spyware:

SpywareBlaster:

http://www.brightfort.com/spywareblaster.html

it is resident, you just need to update it from time to time because the free version does not do it by itself; once installed and updated, set all the protections to "enable"

tutorial: http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

also download this anti-spyware, it also has a resident component, TeaTimer:

Spybot:

http://www.commentcamarche.net/telecharger/telecharger 122 spybot

http://www.safer-networking.org/fr/faq/33.html

SpywareGuard:

https://www.zebulon.fr/dossiers/securite/47-spywareguard.html

all three are complementary, so if you want, you can install all of them...

then I would like you to run a full scan of your machine with AntiVir

with the following settings:

once AntiVir is open, click Configuration and tick the "expert mode" box, then on the Scanner tab, in the window below, you will see: rootkit search; click the small + to expand it and tick the box next to your hard disk
then click Configuration at the top right, then in the new window on the left > Scanner > scan all files and below it > scanner priority = High
still on the left > Scan > expand > heuristics > macrovirus heuristic = ticked and below it > win32 heuristic, box ticked and high detection level

post the AntiVir report please

@+
0
v1n3ss0 Posts 68 Registered Monday 21 January 2008 Status Member Last post 11 July 2012 10
25 Jan. 2008 at 23:38
Here is the AntiVir report. Apparently there is still quite a lot to clean up. Awaiting instructions... Good night

AntiVir PersonalEdition Classic
Report file date: vendredi 25 janvier 2008 21:45

Scanning for 1067417 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: WESH-39DA78910D

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 21:19:56
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:19:57
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 21:19:57
ANTIVIR3.VDF : 7.0.2.43 376832 Bytes 24/01/2008 21:15:13
AVEWIN32.DLL : 7.6.0.53 3211776 Bytes 24/01/2008 21:15:13
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 21/01/2008 21:19:57
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: vendredi 25 janvier 2008 21:45

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '17' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\QuickTime\qttask.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '480e59d5.qua'!
C:\QooBox\Quarantine\catchme2008-01-25_210323.31.zip
[0] Archive type: ZIP
--> xxywtur.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480e5dff.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '48005e18.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mllji.VIR.vir
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '48065e13.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX25.tmp.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '47f25dec.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqpp.VIR.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480b5e1e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xxywtur.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '48135e26.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP115\A0009646.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e0d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP117\A0009692.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e0f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP122\A0009927.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e16.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010031.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '47ca5e1b.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010032.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '46a4092c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010033.exe
[DETECTION] Is the Trojan horse TR/Drop.Age.1499136
[INFO] The file was moved to '47ca5e1d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010034.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '47ca5e1c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010035.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWL.1
[INFO] The file was moved to '46a4092d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010036.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWL.1
[INFO] The file was moved to '47ca5e1e.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010037.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '46a4092e.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010038.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWL.1
[INFO] The file was moved to '47ca5e1f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010039.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '46a40910.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010040.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '47ca5e21.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010041.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '46a4092f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010042.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '47ca5e00.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010043.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWL.1
[INFO] The file was moved to '46a40931.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010044.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '47ca5e02.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010045.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '46a40912.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010046.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '47ca5e23.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010047.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '46a40914.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010048.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '47ca5e25.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010049.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '47ca5e20.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010050.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '46a40911.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010061.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a40916.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010063.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e27.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010064.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a40918.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010065.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e22.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010066.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a40913.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010067.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e29.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010068.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a4091a.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010069.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2b.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010075.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e24.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010094.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e26.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010095.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478cf.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010096.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478c0.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010097.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478c2.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010098.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478c4.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010099.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e28.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010101.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478c1.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010102.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2a.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010103.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010115.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010123.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '46a478c6.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010181.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010182.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d8.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010183.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e30.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010184.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d9.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010185.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e32.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010186.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e31.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010187.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478da.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010188.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e33.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010189.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478db.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010192.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.8
[INFO] The file was moved to '47ca5e34.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010202.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478dc.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010222.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e36.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010224.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478df.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010225.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e08.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010226.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e37.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010227.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d0.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010228.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e39.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010229.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e38.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010230.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d1.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010231.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d2.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010232.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '47ca5e3b.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010243.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e3a.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010299.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hva
[INFO] The file was moved to '46a478d4.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010304.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e3c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010305.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d5.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010340.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e3d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP126\A0010374.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hva
[INFO] The file was moved to '47ca5e3f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP126\A0010404.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e45.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010408.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e46.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010409.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e47.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010410.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a0.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010411.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e49.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010412.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a2.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010413.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e48.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010414.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a1.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010415.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e4a.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010416.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hva
[INFO] The file was moved to '46a478a3.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010417.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e4b.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010418.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a4.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010419.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e4d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010420.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '46a478a6.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010421.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e4c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010422.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478a5.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010423.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e4e.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010424.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e4f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010425.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478b8.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP129\A0010488.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e50.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP129\A0010532.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e51.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: vendredi 25 janvier 2008 23:19
Used time: 1:33:28 min

The scan has been done completely.

5310 Scanning directories
314788 Files were scanned
98 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
98 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
314690 Files not concerned
1903 Archives were scanned
3 Warnings
0 Notes
0
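The report above lists 98 detections, but almost all of them sit in System Restore points (`System Volume Information\_restore{...}\RPnnn`) or in `C:\QooBox\Quarantine`, the folder ComboFix uses for its quarantine, rather than in live locations; the one live-path hit is `C:\Program Files\QuickTime\qttask.exe`. The configuration block also shows `Search for rootkits: off`, although the previous reply asked for the rootkit search to be enabled. The Python script below is an added example for this thread, not Avira's tooling and not a documented report format: its line patterns (dotted configuration keys, a path line followed by bracketed status lines, `-->` archive members) are assumptions inferred from the report posted here, the `REQUESTED_SETTINGS` table is my reading of the helper's instructions, and the location labels are my own. It parses a constructed, abridged excerpt in the same layout, groups detections by where they live and by family, and checks the configuration block against the requested settings.

```python
"""Triage an Avira AntiVir (PersonalEdition Classic, 2008-era) scan report.

Added example for this thread, not Avira's own code or a documented format:
the line patterns below are inferred from the report posted above.
"""
import re
import sys
from collections import Counter

# Constructed, abridged excerpt in the same layout as the posted report.
SAMPLE_REPORT = r"""
Configuration settings for the scan:
Jobname..........................: Complete system scan
Search for rootkits..............: off
Scan all files...................: All files
Macro heuristic..................: on
File heuristic...................: high

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Program Files\QuickTime\qttask.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '480e59d5.qua'!
C:\QooBox\Quarantine\catchme2008-01-25_210323.31.zip
[0] Archive type: ZIP
--> xxywtur.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480e5dff.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xxywtur.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '48135e26.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010031.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '47ca5e1b.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
"""

# Settings the helper asked for in the reply above (assumed mapping to report keys).
REQUESTED_SETTINGS = {
    "Search for rootkits": "on",
    "Scan all files": "All files",
    "Macro heuristic": "on",
    "File heuristic": "high",
}

CONFIG_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\.{2,}: (?P<value>.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
MEMBER_RE = re.compile(r"^--> (?P<member>.+)$")
DETECTION_RE = re.compile(r"^\[DETECTION\] Is the (?P<kind>.+) (?P<name>\S+)$")
UNREADABLE = "[WARNING] The file could not be opened!"


def classify_location(path):
    """Where a detected file lives decides how much it matters (labels are mine)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point copy"      # inert unless that restore point is applied
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "ComboFix quarantine"     # QooBox is the quarantine folder ComboFix creates
    return "live file"                   # the copies that actually ran or could run


def parse_report(text):
    """Return (config dict, detection list, unreadable-path list)."""
    config, detections, unreadable = {}, [], []
    path = member = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := CONFIG_RE.match(line):
            config[m["key"].strip()] = m["value"].strip()
        elif PATH_RE.match(line):
            path, member = line, None        # new file; forget any archive member
        elif m := MEMBER_RE.match(line):
            member = m["member"]             # file inside the current archive
        elif (m := DETECTION_RE.match(line)) and path:
            detections.append({"path": path, "member": member, "name": m["name"],
                               "location": classify_location(path)})
        elif line == UNREADABLE and path:
            unreadable.append(path)
    return config, detections, unreadable


def summarize(text):
    config, detections, unreadable = parse_report(text)
    return {
        "total": len(detections),
        "by_location": Counter(d["location"] for d in detections),
        # "TR/Vundo.DWK" -> "TR/Vundo": group by family rather than variant
        "by_family": Counter(d["name"].split(".")[0] for d in detections),
        "live_paths": [d["path"] for d in detections if d["location"] == "live file"],
        "config_deviations": {k: config.get(k) for k, want in REQUESTED_SETTINGS.items()
                              if config.get(k) != want},
        "unreadable": unreadable,
    }


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    s = summarize(text)
    print(f"{s['total']} detections by location: {dict(s['by_location'])}")
    print("families:", dict(s["by_family"]))
    for p in s["live_paths"]:
        print("LIVE FILE, investigate:", p)
    for k, v in s["config_deviations"].items():
        print(f"scan setting '{k}' was {v!r}, helper asked for {REQUESTED_SETTINGS[k]!r}")
    print("locked/unreadable (expected for hiberfil, pagefile, loaded drivers):", s["unreadable"])
```

Run it as-is to summarize the constructed sample, or give it a saved report as the first argument. The triage rule it encodes: live-file hits are the ones to act on; restore-point copies are cleared by purging System Restore once the machine is clean; quarantine copies are already inert; and "could not be opened" warnings on `hiberfil.sys`, `pagefile.sys` and a loaded driver such as `sptd.sys` (DAEMON Tools' driver, which appears in the HijackThis log above) are locked-file warnings, not infections.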
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last post 30 November 2014 406
26 Jan. 2008 at 07:51
hi v1n3ss0,

do this:

A.V.G:

-> Download AVG Anti-Spyware (ewido)

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> Install it.

-> Launch AVG Anti-Spyware and click the Update button. Wait...

P.S.: if the updates do not go through, they can be downloaded here:

http://downloads.ewido.net/avgas-signatures-full-current.exe

-> On the "Scan" page:

first choose the "Settings" tab.

under "How to act", click "Recommended actions" and in the drop-down menu choose "Delete".

-> Run the scan (it takes a while...).

-> At the end of the scan, copy and paste the report here.

-> Help with screenshots, just in case:

Installation and configuration tutorial:

http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

note: at the end of the scan, be sure to delete everything it found.

@+
0