URGENT TROJAN

Anthony02P -  
green day Messages posted 26722 Status Moderator, Security contributor -
Hello,
I think I have a virus on my computer, let me explain.
I cleaned it with avast and then adware, but afterwards with Spyware Doctor it shows me
TROJAN.VIRTUMONDE high risk
Help me, because it lags badly and as soon as I do anything it shows me an error message
thanks to all
59 replies

green day Messages posted 26722 Status Moderator, Security contributor 2 163
 
Hi

Download this:

Link: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm

Choose the option "do a scan and a logfile", and copy/paste the report it generates onto the forum.

++
0
Anthony02P
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:31, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\68.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\xxyxxxx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SBA.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [NvGraphicsInterface] C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\68.exe
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\Anthony PECCAVET\Mes documents\install_fr.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ckomjdq] c:\documents and settings\anthony peccavet\local settings\application data\ckomjdq.exe ckomjdq
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O17 - HKLM\System\CCS\Services\Tcpip\..\{3172A58E-1082-4F39-B7BC-CB1D8EF5E1FA}: NameServer = 194.2.0.20,194.2.0.50
O20 - Winlogon Notify: xxyxxxx - C:\WINDOWS\SYSTEM32\xxyxxxx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
0
green day Messages posted 26722 Status Moderator, Security contributor 2 163
 
ok,

Download VundoFix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After clicking "YES", the Desktop will disappear for a moment while the files are deleted.
* Another prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
* The report is located at C:\vundofix.txt; please post it

++
0
Anthony02P
 
VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 14:01:29 01/02/2008

Listing files found while scanning....

C:\windows\system32\gebyy.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\xxyxxxx.dll
C:\windows\system32\yybeg.ini
C:\windows\system32\yybeg.ini2

Beginning removal...

Attempting to delete C:\windows\system32\gebyy.dll
C:\windows\system32\gebyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkhhg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyxxxx.dll
C:\WINDOWS\system32\xxyxxxx.dll Could not be deleted.

Attempting to delete C:\windows\system32\yybeg.ini
C:\windows\system32\yybeg.ini Has been deleted!

Attempting to delete C:\windows\system32\yybeg.ini2
C:\windows\system32\yybeg.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\xxyxxxx.dll
C:\WINDOWS\system32\xxyxxxx.dll Could not be deleted.

Performing Repairs to the registry.
Done!
0

green day Messages posted 26722 Status Moderator, Security contributor 2 163
 
ok,

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Boot into Safe Mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created at C:\Combofix.txt; please post it

++
0
Anthony02P
 
What does it mean to boot into safe mode? And how do you do it?
0
green day Messages posted 26722 Status Moderator, Security contributor 2 163
 
0
Anthony02P
 
ComboFix 08-02.01.6 - Anthony PECCAVET 2008-02-01 15:05:27.1 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Anthony PECCAVET\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Anthony PECCAVET\Local Settings\Application Data\ckomjdq.dat
C:\Documents and Settings\Anthony PECCAVET\Local Settings\Application Data\ckomjdq_nav.dat
c:\Documents and Settings\Anthony PECCAVET\Local Settings\Application Data\ckomjdq_navps.dat
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\opqss.ini2
C:\WINDOWS\system32\skcycfk.dat
C:\WINDOWS\system32\skcycfk_nav.dat
C:\WINDOWS\system32\skcycfk_navps.dat
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\xxyxxxx.dll

----- BITS: Possible sites infectés -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-01 to 2008-02-01 ))))))))))))))))))))))))))))))))))))
.

2008-02-01 14:01 . 2008-02-01 14:25 <REP> d-------- C:\VundoFix Backups
2008-02-01 13:54 . 2008-02-01 13:54 <REP> d-------- C:\Program Files\Trend Micro
2008-02-01 13:18 . 2008-02-01 13:18 <REP> d-------- C:\Documents and Settings\Anthony PECCAVET\Application Data\PC Tools
2008-02-01 13:18 . 2008-02-01 14:50 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-01 13:18 . 2008-02-01 14:50 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-01 13:18 . 2008-02-01 13:26 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-01 13:18 . 2008-02-01 13:26 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-01 13:17 . 2008-02-01 14:53 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-01 11:23 . 2008-02-01 11:23 <REP> d-------- C:\Program Files\AxBx
2008-01-31 19:55 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-31 19:55 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-30 16:33 . 2001-08-23 17:46 252,032 --a------ C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-01-30 16:33 . 2001-08-23 17:47 238,592 --a------ C:\WINDOWS\system32\dllcache\sisgrv.dll
2008-01-30 16:33 . 2001-08-23 17:46 150,144 --a------ C:\WINDOWS\system32\dllcache\sis6306v.dll
2008-01-30 16:33 . 2001-08-17 20:50 104,064 --a------ C:\WINDOWS\system32\dllcache\sisgrp.sys
2008-01-30 16:33 . 2001-08-17 20:50 101,760 --a------ C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-01-30 16:33 . 2001-08-17 20:50 68,608 --a------ C:\WINDOWS\system32\dllcache\sis6306p.sys
2008-01-30 16:33 . 2004-08-03 23:07 41,088 --a------ C:\WINDOWS\system32\dllcache\sisagp.sys
2008-01-30 16:33 . 2004-08-03 22:31 32,768 --a------ C:\WINDOWS\system32\dllcache\sisnic.sys
2008-01-30 16:33 . 2004-08-05 14:00 18,944 --a------ C:\WINDOWS\system32\dllcache\simptcp.dll
2008-01-30 16:33 . 2004-08-04 00:54 3,901 --a------ C:\WINDOWS\system32\dllcache\siint5.dll
2008-01-30 16:26 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-30 16:25 . 2004-08-04 00:54 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-30 16:24 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-30 16:23 . 2004-08-05 14:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-30 16:22 . 2004-08-04 00:53 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-01-30 16:21 . 2004-08-04 00:54 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-01-30 16:20 . 2004-08-04 00:47 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-30 16:19 . 2004-08-04 00:54 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-01-30 16:18 . 2004-08-05 14:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-30 16:17 . 2001-08-23 17:03 320,384 --a------ C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-30 16:16 . 2001-08-17 21:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-30 16:15 . 2004-08-05 14:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-01-30 16:14 . 2004-08-05 14:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-30 16:13 . 2004-08-05 14:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-30 16:12 . 2001-08-17 21:28 542,879 --a------ C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-01-30 16:11 . 2001-08-23 17:46 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-30 16:10 . 2004-08-05 14:00 563,712 --a------ C:\WINDOWS\system32\dllcache\fxsst.dll
2008-01-30 16:09 . 2001-08-23 17:16 630,016 --a------ C:\WINDOWS\system32\dllcache\eqn.sys
2008-01-30 16:08 . 2001-08-17 20:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-30 16:07 . 2001-08-23 17:47 622,621 --a------ C:\WINDOWS\system32\dllcache\digiview.exe
2008-01-30 16:06 . 2004-08-05 14:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-30 16:05 . 2001-08-17 21:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-30 16:04 . 2004-08-04 00:54 870,784 --a------ C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-01-30 16:03 . 2001-08-17 21:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-30 16:02 . 2004-05-13 00:39 876,653 --a------ C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-30 15:07 . 2008-01-30 15:07 <REP> d-------- C:\Program Files\Lavasoft
2008-01-30 15:07 . 2008-01-30 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-21 22:19 . 2008-01-21 22:19 <REP> d-------- C:\Documents and Settings\Anthony PECCAVET\Application Data\TVU networks
2008-01-21 22:19 . 2008-01-21 22:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-21 08:41 . 2008-01-21 08:41 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-01-17 13:11 . 2008-01-30 19:17 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-16 18:10 . 2008-01-16 18:29 <REP> d-------- C:\Program Files\Atari
2008-01-15 12:51 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-15 12:51 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-15 12:50 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-15 12:50 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-15 12:50 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-15 12:50 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-15 12:50 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-15 12:50 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-01-15 12:49 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-01-15 12:49 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-01-14 09:47 . 2004-08-12 11:06 188,416 --a------ C:\WINDOWS\system32\eax.dll
2008-01-14 09:31 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-01-11 10:56 . 2008-01-11 10:56 <REP> d--h----- C:\WINDOWS\PIF
2008-01-09 17:19 . 2008-01-09 17:19 <REP> d-------- C:\Program Files\EA GAMES
2008-01-09 11:33 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-01-09 11:33 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-09 11:33 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-09 11:33 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-09 11:33 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-01-09 11:33 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-09 11:33 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-01-08 17:48 . 2008-02-01 10:24 <REP> d-------- C:\WINDOWS\UbiSoft
2008-01-08 16:28 . 2008-01-08 16:33 <REP> d-------- C:\Documents and Settings\Anthony PECCAVET\Application Data\GlarySoft
2008-01-08 16:19 . 2008-01-08 16:19 <REP> d-------- C:\Program Files\Glary Utilities
2008-01-04 14:57 . 2008-01-04 14:57 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-01-04 14:57 . 2008-01-04 14:57 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 09:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 09:24 --------- d-----w C:\Program Files\eMule
2008-02-01 09:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-01 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-30 17:17 5,420 ----a-w C:\Documents and Settings\Anthony PECCAVET\Application Data\wklnhst.dat
2008-01-30 14:52 --------- d-----w C:\Program Files\Microsoft Works
2008-01-30 14:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-21 07:41 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-16 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 14:54 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-01-11 09:55 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-09 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\hpqwmi
2008-01-09 13:34 --------- d-----w C:\Documents and Settings\Anthony PECCAVET\Application Data\Azureus
2008-01-08 15:42 --------- d-----w C:\Program Files\MTA San Andreas
2008-01-08 15:42 --------- d-----w C:\Documents and Settings\Anthony PECCAVET\Application Data\LimeWire
2008-01-08 15:31 --------- d-----w C:\Program Files\DesignPro
2007-12-29 16:26 --------- d-----w C:\Program Files\VirtualDJ
2007-12-21 21:59 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 17:05 --------- d-----w C:\Program Files\Rockstar Games
2007-12-09 19:59 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-12-09 18:57 --------- d-----w C:\Program Files\Logitech
2007-12-08 12:13 --------- d-----w C:\Program Files\Google
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-13 06:34 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-13 06:34 290,816 ------w C:\WINDOWS\Setup1.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73C8ADB8-0ED8-4949-B8CB-5CBA73CC5EC0}]
C:\WINDOWS\system32\gebyy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 10:29 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 20:05 339968]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 14:21 794624]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 12:54 253952]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 13:01 233534]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 11:58 213936]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-05-16 11:58 86960]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 11:58 213936]
"NI.UGA6PV_0001_N122M2910"="C:\Documents and Settings\Anthony PECCAVET\Mes documents\install_fr.exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-02-01 14:21 1065800]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 09:00 160768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24ffd752-cd98-11db-88c7-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 15:28:13
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-01 15:38:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 14:38:45
.
2008-01-31 05:57:38 --- E O F ---

Now what do I do??
0
green day Messages posted 26722 Status Moderator, Security contributor 2 163
 
very good:

Create a new text document and name it CFScript.txt (careful, this is very important!): right-click on the desktop > New > Text Document, and copy the following lines in bold into it:

File::

C:\WINDOWS\system32\gebyy.dll

registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73C8ADB8-0ED8-4949-B8CB-5CBA73CC5EC0}]


then drag the text file onto combo.exe as in the animation: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

In the window that follows, choose option 1 and confirm
Be patient; if the desktop sometimes disappears during the scan, that's normal!
At the end of the scan a report will be displayed: please post it (otherwise it is located here: C:\ComboFix.txt)

++

0
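As an added example (not the helper's, nor HijackThis's or ComboFix's own code), the script below encodes the checks the helper applied by eye to the HijackThis log posted earlier in the thread, and then drafts a CFScript in the layout used in the post above. The sample log lines are copied from that posted report; the function names and the heuristics are my own.

```python
"""Triage a HijackThis log for the Vundo/Virtumonde pattern seen in this thread.

Heuristics encoded here, all visible in the posted log:
  * an O2 BHO entry named "(no name)" pointing at a DLL in system32,
  * an O20 Winlogon Notify entry that loads that same DLL,
  * O4 autoruns launched from %TEMP% or Local Settings\\Application Data.
"""
import re

# Constructed sample: lines copied from the HijackThis report posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\xxyxxxx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvGraphicsInterface] C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\68.exe
O4 - HKCU\..\Run: [ckomjdq] c:\documents and settings\anthony peccavet\local settings\application data\ckomjdq.exe ckomjdq
O20 - Winlogon Notify: xxyxxxx - C:\WINDOWS\SYSTEM32\xxyxxxx.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
# First quoted-or-bare token ending in an executable extension; arguments are dropped.
EXE_RE = re.compile(r'^"?(?P<p>.+?\.(?:exe|dll|scr|com|cpl))', re.IGNORECASE)

# User-writable directories: a legitimate Run entry almost never launches from here.
# Both the 8.3 short form (LOCALS~1) and the long form are covered.
SUSPICIOUS_DIRS = (
    "\\locals~1\\temp\\",
    "\\local settings\\temp\\",
    "\\local settings\\application data\\",
)


def exe_path(cmd):
    """Strip surrounding quotes and trailing arguments from an O4 command line."""
    m = EXE_RE.match(cmd.strip())
    return m["p"] if m else cmd.strip()


def triage(log_text):
    """Return (kind, detail, path) findings for a HijackThis log, in log order."""
    bho_by_path = {}  # lower-cased DLL path -> CLSID, collected from O2 lines
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            bho_by_path[m["path"].lower()] = m["clsid"]
            if m["name"].strip().lower() == "(no name)":
                findings.append(("unnamed-bho", m["clsid"], m["path"]))
            continue
        m = O4_RE.match(line)
        if m:
            path = exe_path(m["cmd"])
            if any(d in path.lower() for d in SUSPICIOUS_DIRS):
                findings.append(("autorun-user-writable", m["key"], path))
            continue
        m = O20_RE.match(line)
        if m and m["path"].lower() in bho_by_path:
            # Vundo's tell: the same DLL is both a BHO and a Winlogon Notify
            # package, so it is loaded before the shell and resists deletion.
            findings.append(("winlogon-notify-bho", m["key"], m["path"]))
    return findings


def to_cfscript(findings):
    """Draft a CFScript in the layout the helper posts in this thread: a File::
    section listing the flagged binaries and a registry:: section deleting each
    unnamed BHO's key, using the '\\~\\' abbreviation ComboFix prints itself."""
    files, keys = [], []
    for kind, detail, path in findings:
        if path.lower() not in [f.lower() for f in files]:  # case-insensitive dedup
            files.append(path)
        if kind == "unnamed-bho":
            keys.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + detail + "]")
    return "File::\n" + "\n".join(files) + "\n\nregistry::\n" + "\n".join(keys) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, detail, path in found:
        print(f"{kind:24} {detail:42} {path}")
    print()
    print(to_cfscript(found))
```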
Anthony02P
 
I created a new text document as requested and did the copy-paste
but I don't understand what comes next
?????????
0
green day Messages posted 26722 Status Moderator, Security contributor 2 163
 
then drag the text file onto combo.exe as in the animation: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

oops, the animation is dead! :(

one second ...
0
Anthony02P
 
Have you found it? Because it's bugging out badly, thanks
keep me posted
0
green day Messages posted 26722 Status Moderator, Security contributor 2 163
 
there you go: here the animation works:

http://img.bleepingcomputer.com/combofix/usage/rc.gif

++
0
Anthony02P
 
ComboFix 08-02.01.6 - Anthony PECCAVET 2008-02-01 17:44:16.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.113 [GMT 1:00]
Endroit: C:\Documents and Settings\Anthony PECCAVET\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Anthony PECCAVET\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE
C:\WINDOWS\system32\gebyy.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible sites infectés -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-01 to 2008-02-01 ))))))))))))))))))))))))))))))))))))
.

2008-02-01 14:01 . 2008-02-01 14:25 <REP> d-------- C:\VundoFix Backups
2008-02-01 13:54 . 2008-02-01 13:54 <REP> d-------- C:\Program Files\Trend Micro
2008-02-01 13:18 . 2008-02-01 13:18 <REP> d-------- C:\Documents and Settings\Anthony PECCAVET\Application Data\PC Tools
2008-02-01 13:18 . 2008-02-01 14:50 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-01 13:18 . 2008-02-01 14:50 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-01 13:18 . 2008-02-01 13:26 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-01 13:18 . 2008-02-01 13:26 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-01 13:17 . 2008-02-01 14:53 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-01 11:23 . 2008-02-01 11:23 <REP> d-------- C:\Program Files\AxBx
2008-01-31 19:55 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-31 19:55 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-30 16:33 . 2001-08-23 17:46 252,032 --a------ C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-01-30 16:33 . 2001-08-23 17:47 238,592 --a------ C:\WINDOWS\system32\dllcache\sisgrv.dll
2008-01-30 16:33 . 2001-08-23 17:46 150,144 --a------ C:\WINDOWS\system32\dllcache\sis6306v.dll
2008-01-30 16:33 . 2001-08-17 20:50 104,064 --a------ C:\WINDOWS\system32\dllcache\sisgrp.sys
2008-01-30 16:33 . 2001-08-17 20:50 101,760 --a------ C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-01-30 16:33 . 2001-08-17 20:50 68,608 --a------ C:\WINDOWS\system32\dllcache\sis6306p.sys
2008-01-30 16:33 . 2004-08-03 23:07 41,088 --a------ C:\WINDOWS\system32\dllcache\sisagp.sys
2008-01-30 16:33 . 2004-08-03 22:31 32,768 --a------ C:\WINDOWS\system32\dllcache\sisnic.sys
2008-01-30 16:33 . 2004-08-05 14:00 18,944 --a------ C:\WINDOWS\system32\dllcache\simptcp.dll
2008-01-30 16:33 . 2004-08-04 00:54 3,901 --a------ C:\WINDOWS\system32\dllcache\siint5.dll
2008-01-30 16:26 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-30 16:25 . 2004-08-04 00:54 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-30 16:24 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-30 16:23 . 2004-08-05 14:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-30 16:22 . 2004-08-04 00:53 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-01-30 16:21 . 2004-08-04 00:54 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-01-30 16:20 . 2004-08-04 00:47 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-30 16:19 . 2004-08-04 00:54 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-01-30 16:18 . 2004-08-05 14:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-30 16:17 . 2001-08-23 17:03 320,384 --a------ C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-30 16:16 . 2001-08-17 21:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-30 16:15 . 2004-08-05 14:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-01-30 16:14 . 2004-08-05 14:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-30 16:13 . 2004-08-05 14:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-30 16:12 . 2001-08-17 21:28 542,879 --a------ C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-01-30 16:11 . 2001-08-23 17:46 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-30 16:10 . 2004-08-05 14:00 563,712 --a------ C:\WINDOWS\system32\dllcache\fxsst.dll
2008-01-30 16:09 . 2001-08-23 17:16 630,016 --a------ C:\WINDOWS\system32\dllcache\eqn.sys
2008-01-30 16:08 . 2001-08-17 20:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-30 16:07 . 2001-08-23 17:47 622,621 --a------ C:\WINDOWS\system32\dllcache\digiview.exe
2008-01-30 16:06 . 2004-08-05 14:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-30 16:05 . 2001-08-17 21:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-30 16:04 . 2004-08-04 00:54 870,784 --a------ C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-01-30 16:03 . 2001-08-17 21:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-30 16:02 . 2004-05-13 00:39 876,653 --a------ C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-30 15:07 . 2008-01-30 15:07 <REP> d-------- C:\Program Files\Lavasoft
2008-01-30 15:07 . 2008-01-30 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-21 22:19 . 2008-01-21 22:19 <REP> d-------- C:\Documents and Settings\Anthony PECCAVET\Application Data\TVU networks
2008-01-21 22:19 . 2008-01-21 22:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-21 08:41 . 2008-01-21 08:41 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-01-17 13:11 . 2008-01-30 19:17 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-16 18:10 . 2008-01-16 18:29 <REP> d-------- C:\Program Files\Atari
2008-01-15 12:51 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-15 12:51 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-15 12:50 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-15 12:50 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-15 12:50 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-15 12:50 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-15 12:50 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-15 12:50 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-01-15 12:49 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-01-15 12:49 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-01-14 09:47 . 2004-08-12 11:06 188,416 --a------ C:\WINDOWS\system32\eax.dll
2008-01-14 09:31 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-01-11 10:56 . 2008-01-11 10:56 <REP> d--h----- C:\WINDOWS\PIF
2008-01-09 17:19 . 2008-01-09 17:19 <REP> d-------- C:\Program Files\EA GAMES
2008-01-09 11:33 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-01-09 11:33 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-09 11:33 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-09 11:33 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-09 11:33 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-01-09 11:33 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-09 11:33 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-01-08 17:48 . 2008-02-01 10:24 <REP> d-------- C:\WINDOWS\UbiSoft
2008-01-08 16:28 . 2008-01-08 16:33 <REP> d-------- C:\Documents and Settings\Anthony PECCAVET\Application Data\GlarySoft
2008-01-08 16:19 . 2008-01-08 16:19 <REP> d-------- C:\Program Files\Glary Utilities
2008-01-04 14:57 . 2008-01-04 14:57 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-01-04 14:57 . 2008-01-04 14:57 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 14:41 5,420 ----a-w C:\Documents and Settings\Anthony PECCAVET\Application Data\wklnhst.dat
2008-02-01 09:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 09:24 --------- d-----w C:\Program Files\eMule
2008-02-01 09:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-01 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-30 14:52 --------- d-----w C:\Program Files\Microsoft Works
2008-01-30 14:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-21 07:41 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-16 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 14:54 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-01-11 09:55 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-09 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\hpqwmi
2008-01-09 13:34 --------- d-----w C:\Documents and Settings\Anthony PECCAVET\Application Data\Azureus
2008-01-08 15:42 --------- d-----w C:\Program Files\MTA San Andreas
2008-01-08 15:42 --------- d-----w C:\Documents and Settings\Anthony PECCAVET\Application Data\LimeWire
2008-01-08 15:31 --------- d-----w C:\Program Files\DesignPro
2007-12-29 16:26 --------- d-----w C:\Program Files\VirtualDJ
2007-12-21 21:59 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 17:05 --------- d-----w C:\Program Files\Rockstar Games
2007-12-19 14:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-09 19:59 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-12-09 18:57 --------- d-----w C:\Program Files\Logitech
2007-12-09 17:18 4,132 ----a-w C:\WINDOWS\system32\tmp.reg
2007-12-08 16:39 4,661 ----a-w C:\WINDOWS\system32\fpupnb.dat.ren
2007-12-08 12:13 --------- d-----w C:\Program Files\Google
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-02 16:11 347,410 ----a-w C:\WINDOWS\system32\fpupnb_nav.dat.ren
2007-11-29 07:52 287,232 ----a-w C:\WINDOWS\system32\fpupnb.exe.ren
2007-11-13 06:34 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-13 06:34 290,816 ------w C:\WINDOWS\Setup1.exe
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 10:29 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 20:05 339968]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 14:21 794624]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 12:54 253952]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 13:01 233534]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 11:58 213936]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-05-16 11:58 86960]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 11:58 213936]
"NI.UGA6PV_0001_N122M2910"="C:\Documents and Settings\Anthony PECCAVET\Mes documents\install_fr.exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-02-01 14:21 1065800]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe [2007-03-08 18:20:38 257536]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-29 08:46:47 126136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 15:39]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2003-04-01 10:23]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24ffd752-cd98-11db-88c7-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 17:47:42
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?3?8?6??????? ???B?????????????hLC? ??????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-01 17:48:44
ComboFix-quarantined-files.txt 2008-02-01 16:48:39
ComboFix2.txt 2008-02-01 14:38:57
.
2008-01-31 05:57:38 --- E O F ---

What next????
green day (Posts: 26722, Status: Moderator, Security contributor) 2 163
 
Coming up! :)

Please do what is described here:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++
Anthony02P
 
There, I've already done a quick scan with AVG.
Here is the report:

C:\Documents and Settings\Anthony PECCAVET\Cookies\anthony_peccavet@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.10:C:\Documents and Settings\Anthony PECCAVET\Application Data\Mozilla\Firefox\Profiles\xibx0fji.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.11:C:\Documents and Settings\Anthony PECCAVET\Application Data\Mozilla\Firefox\Profiles\xibx0fji.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.12:C:\Documents and Settings\Anthony PECCAVET\Application Data\Mozilla\Firefox\Profiles\xibx0fji.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.9:C:\Documents and Settings\Anthony PECCAVET\Application Data\Mozilla\Firefox\Profiles\xibx0fji.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Anthony PECCAVET\Cookies\anthony_peccavet@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.20:C:\Documents and Settings\Anthony PECCAVET\Application Data\Mozilla\Firefox\Profiles\xibx0fji.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Anthony PECCAVET\Cookies\anthony_peccavet@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.21:C:\Documents and Settings\Anthony PECCAVET\Application Data\Mozilla\Firefox\Profiles\xibx0fji.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.7:C:\Documents and Settings\Anthony PECCAVET\Application Data\Mozilla\Firefox\Profiles\xibx0fji.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Anthony PECCAVET\Cookies\anthony_peccavet@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.

Fin du rapport

The rest is coming soon.
Anthony02P
 
Here is the BitDefender report:

Scan path: C:\;D:\;

Statistics
Time: 01:28:40
Files: 255676
Folders: 6076
Boot Sectors: 2
Archives: 8073
Packed Files: 11050

Results
Identified Viruses: 6
Infected Files: 22
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 22

Engines Info
Virus Definitions: 978586
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status

C:\QooBox\Quarantine\C\WINDOWS\system32\opqss.ini.vir | Infected with: Trojan.Vundo.DVS | Disinfection failed | Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\opqss.ini2.vir | Infected with: Trojan.Vundo.DVS | Disinfection failed | Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyxxxx.dll.vir | Infected with: Trojan.Vundo.DXE | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP58\A0014852.exe=>(NSIS 2o)=>lzma_solid_nsis0006 | Detected with: Adware.Navipromo.BZN | Disinfection failed | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP58\A0014852.exe=>(NSIS 2o) | Update failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP58\A0014852.exe=>(NSIS 2o)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002 | Detected with: Adware.Navipromo.BZN | Disinfection failed | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP58\A0014852.exe=>(NSIS 2o)=>lzma_solid_nsis0014=>(NSIS g) | Update failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP60\A0014925.exe=>(NSIS 2o)=>lzma_solid_nsis0006 | Detected with: Adware.Navipromo.BZN | Disinfection failed | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP60\A0014925.exe=>(NSIS 2o) | Update failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP60\A0014925.exe=>(NSIS 2o)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002 | Detected with: Adware.Navipromo.BZN | Disinfection failed | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP60\A0014925.exe=>(NSIS 2o)=>lzma_solid_nsis0014=>(NSIS g) | Update failed
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP67\A0016205.ini | Infected with: Trojan.Vundo.DVS | Disinfection failed | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP67\A0016636.ini | Infected with: Trojan.Vundo.DVS | Disinfection failed | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP68\A0016641.ini | Infected with: Trojan.Vundo.DVS | Disinfection failed | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP68\A0016674.ini | Infected with: Trojan.Vundo.DVS | Disinfection failed | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP69\A0019799.dll | Infected with: Trojan.Vundo.DXO | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP69\A0019848.dll | Infected with: Trojan.Vundo.DXO | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP69\A0019900.ini | Infected with: Trojan.Vundo.DVS | Disinfection failed | Deleted
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP69\A0019941.dll | Infected with: Trojan.Vundo.DXE | Deleted
C:\VundoFix Backups\mljgf.dll.bad | Infected with: Trojan.Vundo.DXO | Deleted
C:\VundoFix Backups\xxyxxxx.dll.bad | Infected with: Trojan.Vundo.DXE | Deleted
C:\VundoFix Backups\yybeg.ini.bad | Infected with: Trojan.Vundo.DVS | Disinfection failed | Deleted
C:\VundoFix Backups\yybeg.ini2.bad | Infected with: Trojan.Vundo.DVS | Disinfection failed | Deleted
C:\WINDOWS\PACK.EPK.ren=>(NSIS 2g)=>lzma_solid_nsis0005 | Detected with: Adware.NaviPromo.BYC | Disinfection failed | Deleted
C:\WINDOWS\PACK.EPK.ren=>(NSIS 2g) | Update failed
C:\WINDOWS\PACK.EPK.ren=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002 | Detected with: Adware.NaviPromo.BYC | Disinfection failed | Deleted
C:\WINDOWS\PACK.EPK.ren=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g) | Update failed
C:\WINDOWS\system32\fpupnb.exe.ren | Detected with: Adware.Navipromo.BZC | Disinfection failed | Deleted

That's roughly the report, in less detail:

Scan Info
Scanned Files: 262091
Infected Files: 22

Virus Detected
Trojan.Vundo.DXE: 3
Adware.Navipromo.BZC: 1
Trojan.Vundo.DXO: 3
Adware.NaviPromo.BYC: 2
Adware.Navipromo.BZN: 4
Trojan.Vundo.DVS: 9

OK, I'll post the last scan soon.
Anthony02P
 
Here is the latest HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:39, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3172A58E-1082-4F39-B7BC-CB1D8EF5E1FA}: NameServer = 194.2.0.20,194.2.0.50
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
green day (Posts: 26722, Status: Moderator, Security contributor) 2 163
 
Very good, where do things stand with your problems??

++
Anthony02P
 
Well, when I run Spyware Doctor it finds fewer trojans, but I still have one high-risk trojan, whereas earlier I had 10 high-risk trojans.
What do you think of all this????