Multi infections
Sura
Hello,
My computer is infected. The symptoms are as follows:
- a "windows" process taking 100% CPU, appearing from time to time
- slow internet, impossible to open a folder on the desktop
- permanent pop-ups
- older problem: winologon.exe = 100% CPU, but it hasn't shown up for a while
- Spybot keeps reporting Virtumonde infections
Here is the HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 17:48:20, on 26/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
H:\Program Files\Google\Google Updater\GoogleUpdater.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=H:\WINDOWS\System32\ddabc.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a0cbf2bf] rundll32.exe "H:\WINDOWS\System32\wxekfele.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Holdem Genius Auto Attacher.lnk = H:\Program Files\Holdem Genius\HG_Watcher.exe
O4 - Global Startup: B4Playing Smart Tool.lnk = H:\Program Files\B4Playing\B4PlayingSmartTool\B4PClient.exe
O4 - Global Startup: Google Updater.lnk = H:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - H:\WINDOWS\System32\windows
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
Having to format would cause me a lot of trouble for backing up my data, and I would be very grateful if you could help me avoid that.
I am entirely at your disposal should you be willing to reply.
Sura
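The log above already carries the entries a triager would pick out before running any tool: the F3 `win.ini` load= line pointing at ddabc.exe, the O4 Run entry `[a0cbf2bf]` that launches `wxekfele.dll` through rundll32 with a one-letter export, the `jusched .exe` process (note the space) sitting next to the real jusched.exe, and the "Microsoft cache control" service with no vendor whose binary is `System32\windows` with no extension. The script below, added here as an example and not part of the thread or of HijackThis, codifies those four checks and runs them over a sample built from the log lines above; `check_line` and `triage` are my names, and the patterns are triage heuristics, not a verdict.

```python
from __future__ import annotations

import re

# Constructed sample: the entries from the first HijackThis log in this thread
# that deserve a look, plus benign neighbours for contrast. Backslashes are
# doubled only because this is a Python string literal.
SAMPLE_LOG = """\
Running processes:
H:\\WINDOWS\\system32\\winlogon.exe
H:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe
H:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched .exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=H:\\WINDOWS\\System32\\ddabc.exe
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE H:\\WINDOWS\\System32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [a0cbf2bf] rundll32.exe "H:\\WINDOWS\\System32\\wxekfele.dll",b
O23 - Service: Google Updater Service (gusvc) - Google - H:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - H:\\WINDOWS\\System32\\windows
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
HEX_RUN_NAME = re.compile(r"^[0-9a-f]{8}$")
O4_RUNDLL = re.compile(
    r'^O4 - .*?\[(?P<name>[^\]]+)\]\s+rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,?(?P<export>\S*)',
    re.IGNORECASE,
)
O23_SERVICE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<short>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$"
)
F3_LOAD = re.compile(r"^F3 - REG:win\.ini: load=(?P<target>.+)$")


def basename(path: str) -> str:
    return path.rstrip().rsplit("\\", 1)[-1]


def check_line(line: str) -> list[str]:
    """Return the reasons (possibly none) why one HijackThis line deserves a look."""
    reasons: list[str] = []
    line = line.rstrip()

    # Running-process path: a space squeezed in before the extension ("jusched .exe")
    # is a look-alike of a legitimate binary living next to the real one.
    if DRIVE_PATH.match(line) and re.search(r"\S \.\w+$", basename(line)):
        reasons.append("process name mimics a legitimate binary (space before extension)")

    # F3 win.ini load=: a Win16-era autostart that nothing on XP should still populate.
    m = F3_LOAD.match(line)
    if m and m.group("target").strip():
        reasons.append("win.ini load= autostart points at " + basename(m.group("target")))

    # O4 Run entries that launch a DLL through rundll32 with an auto-generated
    # hex value name or a one-letter export: the pattern seen in this thread.
    m = O4_RUNDLL.match(line)
    if m:
        if HEX_RUN_NAME.match(m.group("name")):
            reasons.append("Run value name is 8 hex digits (auto-generated)")
        if 0 < len(m.group("export")) <= 2:
            reasons.append("rundll32 calls a %r export of %s" % (m.group("export"), basename(m.group("dll"))))

    # O23 services with no vendor and a target that is not even an executable file.
    m = O23_SERVICE.match(line)
    if m and m.group("owner") == "Unknown owner":
        path = m.group("path")
        if path.endswith("(file missing)"):
            reasons.append("unknown-owner service whose binary is missing")
        elif "." not in basename(path):
            reasons.append("unknown-owner service pointing at an extensionless file")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Walk a HijackThis log and return (line, reasons) for every flagged line."""
    findings = []
    for line in log_text.splitlines():
        reasons = check_line(line)
        if reasons:
            findings.append((line.rstrip(), reasons))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

Run on the sample it flags exactly the four lines named above and leaves NvCplDaemon and the Google service alone; the same `O23` check also catches the "(file missing)" form that the second HijackThis log later in the thread shows for MSControlService once its binary had been quarantined.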
I'm happy to disinfect all of that for you.
But if it's only to head back out into the wild without an antivirus, I'm not interested.
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; answer by pressing 1 and Enter to confirm.
Wait until ComboFix has finished; a report will be created. Post the report.
Copy/paste a new HijackThis log along with it.
OK
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list below,
and paste it into the left-hand box of OTMoveIt: Paste List of Files/Folders to be moved.
H:\WINDOWS\system32\sys32time.dll
H:\WINDOWS\c3VyYQ
H:\WINDOWS\System32\oljpwrfv.dll
H:\Program Files\kernel
H:\WINDOWS\System32\ddabc.exe
H:\Program Files\?asks
H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winvsnet.exe
Click MoveIt! to start the removal.
The result will appear in the "Results" box.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
I'd add that my C drive appears marked with a red cross in My Computer (I have 2 drives; Windows is on H)
and that C and H are cluttered with hundreds of .tmp files, some "in use", which systematically come back once deleted.
Spybot is an anti-spyware, not an antivirus.
How about starting with the basics, i.e. installing an antivirus? :)
I've already tried, without success, with AVG and www.secuser.com
I'd need somewhat more personalized help :)
Thank you very much for your help, and I'll be more careful in future. Here is the report you asked for; I uploaded it to RapidShare, as I couldn't paste it here in full. I hope that's OK
Sura
http://rapidshare.com/files/86903442/rapport.txt.html
My computer is doing much better; apart from the red cross on drive C, which is still there, everything is fine
Sura, I'd advise you to install SP2 for your Windows XP and to move from Internet Explorer 6 to 7, or quite simply to install Firefox!
OK
There's a big Vundo-type infection.
Download VundoFix.exe (by Atribune) to your desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask you whether you want to delete the files; click YES
After clicking "Yes", the desktop will disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to shut down; click OK
Start your PC again.
Copy/paste the contents of the report located in C:\vundofix.txt along with a new HijackThis log in your next reply.
Later
Thank you for your instructions, so clearly detailed
VundoFix:
H:\WINDOWS\system32\ddabc.exe
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 02:01:06, on 29/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Google\Google Updater\GoogleUpdater.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Holdem Genius Auto Attacher.lnk = H:\Program Files\Holdem Genius\HG_Watcher.exe
O4 - Global Startup: B4Playing Smart Tool.lnk = H:\Program Files\B4Playing\B4PlayingSmartTool\B4PClient.exe
O4 - Global Startup: Google Updater.lnk = H:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - H:\WINDOWS\System32\windows (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
I'd also point out that I have the impression (for quite a while now) that my processes use too much memory when I open the Task Manager, especially iexplore.exe. Also, that process can be active several times while only one internet window is open.
Thanks again for your help
OK. That's better.
Install an antivirus; I recommend Antivir (click on antivir for the download link).
Once it's installed, post another ComboFix report.
Later
I'm sending you here the Antivir report after scanning the disk. I'm rebooting; the ComboFix report is coming in 2 minutes
AntiVir PersonalEdition Classic
Report file date: jeudi 31 janvier 2008 01:18
Scanning for 1085232 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: SURA-17ENM42UUK
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 13:42:53
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 13:42:53
ANTIVIR3.VDF : 7.0.2.71 203264 Bytes 30/01/2008 13:42:53
AVEWIN32.DLL : 7.6.0.59 3232256 Bytes 30/01/2008 13:42:53
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 30/01/2008 13:42:53
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: h:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 31 janvier 2008 01:18
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'IGZones.exe' - '1' Module(s) have been scanned
Scan process 'casino.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!
Starting to scan the registry.
H:\WINDOWS\system32\CTFMON.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '47e7061e.qua'!
H:\WINDOWS\system32\CTFMON.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
The registry was scanned ( '22' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Bureau\mickael\JEUX\AOC\crack_aok_2.0a.zip
[0] Archive type: ZIP
--> empires2.exe
[DETECTION] Is the Trojan horse TR/Small.971264
[INFO] The file was moved to '4802088d.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temp\dm_0030.exe
[DETECTION] Is the Trojan horse TR/Dialer.TS
[INFO] The file was moved to '480008f9.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\4ZUVEFSB\gepj[1]
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '48110919.qua'!
C:\Program Files\eMule\Incoming\poker tracker 2.16.03d + keygen.rar
[0] Archive type: RAR
--> Keygen\keygen.exe
[DETECTION] Contains detection pattern of the dropper DR/Shark.AU
[INFO] The file was moved to '480c09f8.qua'!
C:\System Volume Information\_restore{2D30742B-7C2B-4F51-9FB6-BB723D9C758A}\RP93\A0032860.exe
[DETECTION] Is the Trojan horse TR/Dialer.TS
[INFO] The file was moved to '47d10a61.qua'!
C:\WINDOWS\lsas32.exe
[DETECTION] Is the Trojan horse TR/Dialer.TS
[INFO] The file was moved to '48020b05.qua'!
C:\WINDOWS\syss.dll
[DETECTION] Is the Trojan horse TR/Spy.Agent.adi
[INFO] The file was moved to '48140b0d.qua'!
C:\WINDOWS\system32\rsvpsp61.dll
[DETECTION] Is the Trojan horse TR/Hijacker.Gen
[INFO] The file was moved to '48170ba2.qua'!
C:\WINDOWS\system32\sstqp.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48150ba7.qua'!
C:\WINDOWS\system32\udtyrpdq.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '48150b9a.qua'!
C:\WINDOWS\Temp\dm_0030.exe
[DETECTION] Is the Trojan horse TR/Dialer.TS
[INFO] The file was moved to '48000bee.qua'!
Begin scan in 'H:\' <DATA>
H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.RB0
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '48020e3b.qua'!
H:\QooBox\Quarantine\H\Program Files\ComPlus Applications\fsodyvav.html.vir
[DETECTION] Is the Trojan horse TR/Click.HTML.IFrame.DN
[INFO] The file was moved to '48100fa8.qua'!
H:\QooBox\Quarantine\H\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '48130f9a.qua'!
H:\QooBox\Quarantine\H\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '47ea0f82.qua'!
H:\QooBox\Quarantine\H\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '47ea0f83.qua'!
H:\QooBox\Quarantine\H\Program Files\Java\jre1.6.0_03\bin\jusched.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '48140fab.qua'!
H:\QooBox\Quarantine\H\Program Files\MSN Messenger\MsnMsgr .Exe.vir
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '480f0faa.qua'!
H:\QooBox\Quarantine\H\Program Files\MSN Messenger\MsnMsgr.Exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '499fb5d3.qua'!
H:\QooBox\Quarantine\H\Program Files\Spybot - Search & Destroy\TeaTimer.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '48020f9d.qua'!
H:\QooBox\Quarantine\H\WINDOWS\b122.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.haq.1
[INFO] The file was moved to '47d30f6a.qua'!
H:\QooBox\Quarantine\H\WINDOWS\Downloaded Program Files\xpreload.ocx.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.cdq
[INFO] The file was moved to '48130fa9.qua'!
H:\QooBox\Quarantine\H\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '47e40f8c.qua'!
H:\QooBox\Quarantine\H\WINDOWS\system32\ahtwyycv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48150fa2.qua'!
H:\QooBox\Quarantine\H\WINDOWS\system32\anhrfwkl.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '48090fa8.qua'!
H:\QooBox\Quarantine\H\WINDOWS\system32\bodjxtim.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48050faa.qua'!
H:\QooBox\Quarantine\H\WINDOWS\system32\dsyugqrm.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.dvc.6
[INFO] The file was moved to '481a0fae.qua'!
H:\QooBox\Quarantine\H\WINDOWS\system32\ejvldjbr.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.dvc.6
[INFO] The file was moved to '48170fa5.qua'!
H:\QooBox\Quarantine\H\WINDOWS\system32\hxpedkag.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was moved to '48110fb4.qua'!
H:\QooBox\Quarantine\H\WINDOWS\system32\lebncpnn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '48030fa1.qua'!
H:\QooBox\Quarantine\H\WINDOWS\system32\oljpwrfv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was moved to '480b0fa8.qua'!
H:\QooBox\Quarantine\H\WINDOWS\system32\oyupvrxv.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '48160fb5.qua'!
H:\QooBox\Quarantine\H\WINDOWS\system32\RCXFB.tmp.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '47f90f80.qua'!
H:\QooBox\Quarantine\H\WINDOWS\system32\windows.vir
[DETECTION] Is the Trojan horse TR/Zapchast.DT.1
[INFO] The file was moved to '480f0fa6.qua'!
H:\RECYCLER\S-1-5-21-484763869-1004336348-725345543-1003\Dh4.zip
[0] Archive type: ZIP
--> ddabc.dll
[DETECTION] Is the Trojan horse TR/Vundo.DVD
--> grffnhtf.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '47d50fa7.qua'!
H:\System Volume Information\_restore{2D30742B-7C2B-4F51-9FB6-BB723D9C758A}\RP93\A0032789.exe
[DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199
[INFO] The file was moved to '47d10f70.qua'!
H:\System Volume Information\_restore{2D30742B-7C2B-4F51-9FB6-BB723D9C758A}\RP93\A0032859.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '465fa019.qua'!
H:\VundoFix Backups\ddabc.exe.bad
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '48020fa5.qua'!
H:\WINDOWS\system32\RCX147.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '47f9104f.qua'!
H:\WINDOWS\system32\RCX182.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '4674b9b0.qua'!
H:\WINDOWS\system32\RCX1F2C.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '47f91050.qua'!
H:\WINDOWS\system32\RCX3CD.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '4674b9b1.qua'!
H:\WINDOWS\system32\sys32time.dll
[DETECTION] Is the Trojan horse TR/Spy.Banker.hrm
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
H:\WINDOWS\system32\ugwdgtal.dll_old
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '4818108f.qua'!
H:\WINDOWS\system32\windows_old
[DETECTION] Is the Trojan horse TR/Zapchast.DT.1
[INFO] The file was moved to '480f1094.qua'!
H:\WINDOWS\system32\ardCo01\ardCo011065.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.ccs
[INFO] The file was moved to '480510a0.qua'!
End of the scan: jeudi 31 janvier 2008 02:03
Used time: 45:18 min
The scan has been done completely.
6201 Scanning directories
297173 Files were scanned
48 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
46 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
297125 Files not concerned
3068 Archives were scanned
Combofix
ComboFix 08-01-23.1C - Propriétaire 2008-01-31 2:07:09.3 - NTFSx86
Endroit: H:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))))))
.
2008-01-30 07:24 . 2008-01-30 07:24 <REP> d-------- H:\Program Files\Avira
2008-01-29 22:27 . 2008-01-29 22:27 230,454 --a------ H:\WINDOWS\GOM_Wallpaper.bmp
2008-01-29 01:51 . 2008-01-31 01:58 <REP> d-------- H:\VundoFix Backups
2008-01-27 01:02 . 2000-08-31 08:00 51,200 --a------ H:\WINDOWS\Nircmd.exe
2008-01-26 17:23 . 2003-12-12 16:06 1,693,696 --a------ H:\WINDOWS\system32\ltclr13n.dll
2008-01-26 17:23 . 2003-11-04 15:11 155,648 --a------ H:\WINDOWS\system32\lftif13n.dll
2008-01-26 17:23 . 2003-11-04 15:10 98,304 --a------ H:\WINDOWS\system32\lffax13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 462,848 --a------ H:\WINDOWS\system32\ltkrn13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 450,560 --a------ H:\WINDOWS\system32\ltimg13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 401,408 --a------ H:\WINDOWS\system32\lfcmp13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 299,008 --a------ H:\WINDOWS\system32\ltdis13n.dll
2008-01-26 17:18 . 2004-01-12 02:09 206,336 --a------ H:\WINDOWS\system32\ltefx13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 163,840 --a------ H:\WINDOWS\system32\ltfil13n.dll
2008-01-26 17:18 . 2003-11-04 15:10 69,632 --a------ H:\WINDOWS\system32\lfgif13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 57,344 --a------ H:\WINDOWS\system32\lfbmp13n.dll
2008-01-26 15:58 . 2008-01-26 15:58 <REP> d-------- H:\WINDOWS\AU_Temp
2008-01-26 15:09 . 2008-01-26 15:09 <REP> d-------- H:\WINDOWS\report
2008-01-26 15:09 . 2008-01-26 15:29 <REP> d-------- H:\WINDOWS\AU_Backup
2008-01-26 15:09 . 2008-01-26 15:09 1,916,766 --a------ H:\WINDOWS\tsc.ptn
2008-01-26 15:09 . 2008-01-26 15:58 1,163,344 --a------ H:\WINDOWS\vsapi32.dll
2008-01-26 15:09 . 2008-01-26 15:09 267,845 --a------ H:\WINDOWS\tsc.exe
2008-01-26 15:09 . 2008-01-26 15:58 86,094 --a------ H:\WINDOWS\BPMNT.dll
2008-01-26 15:09 . 2008-01-26 15:09 71,749 --a------ H:\WINDOWS\hcextoutput.dll
2008-01-26 15:09 . 2008-01-26 15:58 823 --a------ H:\WINDOWS\tsc.ini
2008-01-26 15:08 . 2008-01-26 15:09 35,262,033 --a------ H:\WINDOWS\VPTNFILE.963
2008-01-26 15:08 . 2008-01-26 15:09 35,262,033 --a------ H:\WINDOWS\LPT$VPN.963
2008-01-26 15:06 . 2008-01-26 15:06 <REP> d-------- H:\WINDOWS\AU_Log
2008-01-26 15:06 . 2008-01-26 15:06 507,904 --a------ H:\WINDOWS\TMUPDATE.DLL
2008-01-26 15:06 . 2008-01-26 15:06 286,720 --a------ H:\WINDOWS\PATCH.EXE
2008-01-26 15:06 . 2008-01-26 15:06 69,689 --a------ H:\WINDOWS\UNZIP.DLL
2008-01-26 15:06 . 2008-01-26 15:58 170 --a------ H:\WINDOWS\GetServer.ini
2008-01-26 03:17 . 2008-01-26 03:18 <REP> d-------- H:\Program Files\TexasCalculatem
2008-01-26 03:12 . 2008-01-26 03:15 <REP> d-------- H:\Program Files\Holdem Genius
2008-01-26 03:08 . 2008-01-26 03:08 <REP> d-------- H:\Program Files\B4Playing
2008-01-23 15:08 . 2008-01-23 15:08 <REP> d-------- H:\Poker
2008-01-22 14:38 . 2008-01-22 14:38 <REP> d-------- H:\WINDOWS\Sun
2008-01-22 14:37 . 2008-01-22 14:37 <REP> d-------- H:\Program Files\Java
2008-01-22 14:37 . 2007-09-24 23:31 69,632 --a------ H:\WINDOWS\system32\javacpl.cpl
2008-01-22 14:36 . 2008-01-22 14:36 <REP> d-------- H:\Program Files\Fichiers communs\Java
2008-01-20 22:00 . 2008-01-20 22:00 <REP> d-------- H:\Program Files\aMSN
2008-01-16 16:47 . 2008-01-16 16:47 <REP> d-------- H:\Program Files\PokerAce Hud
2008-01-08 18:44 . 2008-01-26 14:46 1,938 --a------ H:\WINDOWS\wininit.ini
2008-01-04 21:52 . 2008-01-31 02:01 69 --a------ H:\WINDOWS\NeroDigital.ini
2008-01-04 21:35 . 2008-01-04 21:35 <REP> d-------- H:\Program Files\Nero
2008-01-04 21:35 . 2008-01-04 21:37 <REP> d-------- H:\Program Files\Fichiers communs\Nero
2008-01-01 01:36 . 2008-01-31 02:02 <REP> d-------- H:\WINDOWS\system32\ardCo01
2008-01-01 01:36 . 2008-01-30 14:17 <REP> d--hs---- H:\WINDOWS\c3VyYQ
2007-12-31 18:51 . 2007-12-31 18:51 43,520 --a------ H:\WINDOWS\system32\CmdLineExt03.dll
2007-12-31 11:29 . 2008-01-20 14:48 <REP> d-------- H:\Program Files\IGZones
2007-12-13 19:09 . 2007-12-13 19:09 972,072 --a------ H:\WINDOWS\UNNeroMediaHome.exe
2007-12-12 01:35 . 2008-01-30 20:58 <REP> d-------- H:\Program Files\bwin
2007-12-04 00:05 . 2007-12-04 00:05 59 --a------ H:\WINDOWS\pp.enc
2007-12-03 23:52 . 2007-12-03 23:52 <REP> d-------- H:\Microgaming
2007-12-03 18:04 . 2007-12-03 18:04 95,600 --a------ H:\WINDOWS\system32\NeroCo.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 23:08 --------- d-----w H:\Program Files\MSN Messenger
2007-10-30 23:41 133,632 --s-a-w H:\WINDOWS\system32\sys32time.dll
2005-08-02 14:46 187,904 --sha-r H:\WINDOWS\c3VyYQ\asappsrv.dll
2005-07-29 14:24 472 --sha-r H:\WINDOWS\c3VyYQ\wapVsk.vbs
.
----a-w 2,321,600 2008-01-08 15:44:52 H:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater .exe
----a-w 68,856 2008-01-15 10:54:08 H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
((((((((((((((((((((((((((((( snapshot@2008-01-27_ 1.15.20.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 15:54:37 593,920 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-01-27 12:29:01 593,920 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-01-26 15:54:37 12,288 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-01-27 12:29:01 12,288 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-01-26 15:54:37 86,016 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-01-27 12:29:01 86,016 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-01-26 15:54:37 135,168 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-01-27 12:29:01 135,168 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-01-26 15:54:37 11,264 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-01-27 12:29:01 11,264 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-01-26 15:54:37 27,136 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-01-27 12:29:01 27,136 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-01-26 15:54:37 4,096 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-01-27 12:29:01 4,096 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-01-26 15:54:37 794,624 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-01-27 12:29:01 794,624 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-01-26 15:54:37 249,856 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-01-27 12:29:01 249,856 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-01-26 15:54:37 61,440 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-01-27 12:29:01 61,440 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-01-26 15:54:37 23,040 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-01-27 12:29:01 23,040 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-01-26 15:54:37 286,720 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-01-27 12:29:01 286,720 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-01-26 15:54:37 409,600 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-01-27 12:29:01 409,600 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-01-26 23:10:00 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-30 11:35:29 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-26 23:10:00 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-30 11:35:29 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-26 23:10:00 98,304 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-30 11:35:29 98,304 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-26 23:02:52 1,449,984 ----a-w H:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-31 00:07:07 1,449,984 ----a-w H:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-08-09 11:04:11 40,768 ----a-w H:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 12:22:19 21,312 ----a-w H:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-30 13:42:53 61,632 ----a-w H:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:36 28,352 ----a-w H:\WINDOWS\system32\drivers\ssmdrv.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SpybotSD TeaTimer"="H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="H:\WINDOWS\System32\NvCpl.dll" [2006-07-12 06:19 7626752]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-30 15:42 249896]
H:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
Holdem Genius Auto Attacher.lnk - H:\Program Files\Holdem Genius\HG_Watcher.exe [2008-01-26 03:12:18 1286144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a0cbf2bf]
H:\WINDOWS\System32\oljpwrfv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
H:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 10:43 69632 H:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernel]
H:\Program Files\kernel\kernel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
H:\WINDOWS\System32\ddabc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
H:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mvrzptni]
H:\Program Files\?asks\??oolsv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210]
H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winvsnet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-07-12 06:19 7626752 H:\WINDOWS\System32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-07-12 06:19 86016 H:\WINDOWS\System32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-12 06:19 1519616 H:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-01 08:48 16208384 H:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
H:\WINDOWS\mrofinu572.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 10:04 2879488 H:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tacc]
H:\DOCUME~1\PROPRI~1\MESDOC~1\ICROSO~1.NET\winlogon.exe
R0 avgntmgr;avgntmgr;H:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;H:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
S3 MSControlService;Microsoft cache control;H:\WINDOWS\System32\windows []
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - SSMDRV
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 02:08:19
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: H:\WINDOWS\explorer.exe [6.00.2800.1106]
-> h:\windows\system32\sys32time.dll
.
Temps d'accomplissement: 2008-01-31 2:08:52
ComboFix-quarantined-files.txt 2008-01-31 00:08:50
ComboFix2.txt 2008-01-26 23:15:47
+ 2008-01-27 12:29:01 4,096 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-01-26 15:54:37 794,624 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-01-27 12:29:01 794,624 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-01-26 15:54:37 249,856 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-01-27 12:29:01 249,856 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-01-26 15:54:37 61,440 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-01-27 12:29:01 61,440 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-01-26 15:54:37 23,040 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-01-27 12:29:01 23,040 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-01-26 15:54:37 286,720 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-01-27 12:29:01 286,720 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-01-26 15:54:37 409,600 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-01-27 12:29:01 409,600 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-01-26 23:10:00 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-30 11:35:29 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-26 23:10:00 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-30 11:35:29 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-26 23:10:00 98,304 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-30 11:35:29 98,304 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-26 23:02:52 1,449,984 ----a-w H:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-31 00:07:07 1,449,984 ----a-w H:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-08-09 11:04:11 40,768 ----a-w H:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 12:22:19 21,312 ----a-w H:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-30 13:42:53 61,632 ----a-w H:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:36 28,352 ----a-w H:\WINDOWS\system32\drivers\ssmdrv.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SpybotSD TeaTimer"="H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="H:\WINDOWS\System32\NvCpl.dll" [2006-07-12 06:19 7626752]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-30 15:42 249896]
H:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
Holdem Genius Auto Attacher.lnk - H:\Program Files\Holdem Genius\HG_Watcher.exe [2008-01-26 03:12:18 1286144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a0cbf2bf]
H:\WINDOWS\System32\oljpwrfv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
H:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 10:43 69632 H:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernel]
H:\Program Files\kernel\kernel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
H:\WINDOWS\System32\ddabc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
H:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mvrzptni]
H:\Program Files\?asks\??oolsv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210]
H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winvsnet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-07-12 06:19 7626752 H:\WINDOWS\System32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-07-12 06:19 86016 H:\WINDOWS\System32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-12 06:19 1519616 H:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-01 08:48 16208384 H:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
H:\WINDOWS\mrofinu572.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 10:04 2879488 H:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tacc]
H:\DOCUME~1\PROPRI~1\MESDOC~1\ICROSO~1.NET\winlogon.exe
R0 avgntmgr;avgntmgr;H:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;H:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
S3 MSControlService;Microsoft cache control;H:\WINDOWS\System32\windows []
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - SSMDRV
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 02:08:19
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: H:\WINDOWS\explorer.exe [6.00.2800.1106]
-> h:\windows\system32\sys32time.dll
.
Temps d'accomplissement: 2008-01-31 2:08:52
ComboFix-quarantined-files.txt 2008-01-31 00:08:50
ComboFix2.txt 2008-01-26 23:15:47
Hi
Watch out for what you download on emule!!!
Go to the site https://virusscan.jotti.org/
- Click "Browse" at the top right, navigate through the folders and select this file:
H:\WINDOWS\c3VyYQ\asappsrv.dll
- Click submit, again at the top right
- The scan will start, it will take a little while
- At the bottom you have the scan result, copy/paste the complete scan result here.
Help: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
Later