Unable to open a folder

welbior Posts 111 Status Member -
nardino Posts 1634 Status Member -
Hello,
Hi, I can't open a folder, a directory, or even my hard drive. Every time, everything disappears except the background image, and then it all comes back fine. I'm posting a HijackThis log.
Thanks in advance to whoever can help me.

PS: AntiVir detects Vundo.gen on my machine; I'm waiting for the AntiVir scan to finish before running VundoFix.

Logfile of HijackThis v1.99.1
Scan saved at 21:46:14, on 18/02/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Users\Yohann\Desktop\VundoFix.exe
C:\Windows\system32\werfault.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Users\Yohann\Desktop\test.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rlz=1T4GZHZ_frFR225FR228&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {8675eb16-b08c-5d39-1b24-a34ec2fa2ae4} - {4ea2af2c-e43a-42b1-93d5-c80b61be5768} - C:\Windows\system32\wybaovgq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F94612C-97E0-4A88-BAC1-FCDC1D0C3876} - C:\Windows\system32\ddaba.dll
O2 - BHO: (no name) - {74D27AF8-F392-45F7-A518-422F6E5AABD4} - C:\Windows\system32\ddaba.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mllmj.dll,#1
O4 - HKLM\..\Run: [c08cf962] rundll32.exe "C:\Windows\system32\vwquaeto.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://titeclaire76.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-fr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - Unknown owner - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files\PostgreSQL\8.3\data\ (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

10 replies

welbior Posts 111 Status Member 19

Can someone help me, please? I don't know what to do.
0
nardino Posts 1634 Status Member 119

Good evening,
First of all, replace your version of HijackThis:
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download
HijackThis™ 2.0.2
Then post the AntiVir report for us.
And run VundoFix:
Download:

VundoFix by Atribune: http://www.atribune.org/ccount/click.php?id=4
VirtumundoBeGone: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double-click Vundofix.exe.
Tick the box Run VundoFix as a task
Answer OK to the popup that opens.
It will close and reopen after about a minute.
When it has reopened, click Scan for Vundo
When the scan is finished, click Remove Vundo
Answer Yes when asked whether to delete the files.
You will be asked to restart your computer; accept, of course.
Copy/paste the report (c:\vundofix.txt) into your reply
0
welbior Posts 111 Status Member 19

In the battle I lost the file vwquaeto.ddl; do you know where I could find it again, or could you send it to me by email?

Here is the AntiVir report:

AntiVir PersonalEdition Classic
Report file date: lundi 18 février 2008 20:23

Scanning for 1116118 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: WELBIOR

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:18:48
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 19:18:48
ANTIVIR3.VDF : 7.0.2.155 274944 Bytes 18/02/2008 19:18:48
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 18/02/2008 19:18:48
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 18/02/2008 19:18:48
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 18 février 2008 20:23

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'sdclt.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'hqtray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'winvnc4.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'vmnat.exe' - '1' Module(s) have been scanned
Scan process 'vmount2.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'vmware-authd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'pg_ctl.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
83 processes with 83 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\Windows\System32\mllmj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Windows\System32\mllmj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
C:\Windows\System32\vwquaeto.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Windows\System32\vwquaeto.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen

The registry was scanned ( '18' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Navilog1\Backupnavi\ibpcfalfsu.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] The file was ignored!
C:\Program Files\Navilog1\Backupnavi\uiprfmc.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] The file was ignored!
C:\Users\Yohann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LHU90Z0\ptch[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481ceba7.qua'!
C:\Users\Yohann\AppData\Local\Temp\tmp0000a41f
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4829ebe2.qua'!
C:\Users\Yohann\AppData\Local\Temp\tmp0000b71b
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4829ebea.qua'!
C:\Users\Yohann\AppData\Local\Temp\tmp0000c505
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4829ebf7.qua'!
C:\Users\Yohann\AppData\Local\Temp\tmp0000c93b
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4829ebff.qua'!
C:\Users\Yohann\AppData\Local\Temp\tmp0000cc87
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4829ec07.qua'!
C:\Users\Yohann\AppData\Local\Temp\tmp00012ab4
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4ab30fa8.qua'!
C:\Users\Yohann\AppData\Local\Temp\tmp00015b98
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4829ec09.qua'!
C:\Users\Yohann\AppData\Local\Temp\tmp0001603b
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4829ec08.qua'!
C:\Users\Yohann\AppData\Local\Temp\tmp000165e9
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4ab30fa9.qua'!
C:\Users\Yohann\AppData\Local\Temp\tmp0002a00e
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4829ec0a.qua'!
C:\Windows\System32\ddaba.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Windows\System32\gebcd.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481bf227.qua'!
C:\Windows\System32\jmdwpaab.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '481df233.qua'!
C:\Windows\System32\mllmj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Windows\System32\sstqp.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482df25c.qua'!
C:\Windows\System32\tnarsubw.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481af25b.qua'!
C:\Windows\System32\tuvklfnn.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482ff263.qua'!
C:\Windows\System32\urqrqrq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482af261.qua'!
C:\Windows\System32\vwquaeto.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Windows\System32\wybaovgq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481bf274.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Donnée>

End of the scan: lundi 18 février 2008 22:57
Used time: 2:33:35 min

The scan has been done completely.

13883 Scanning directories
587717 Files were scanned
25 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
18 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
587692 Files not concerned
3554 Archives were scanned
9 Warnings
6 Notes
0
welbior Posts 111 Status Member 19

Here is the VundoFix report. I don't know if this is normal, but it didn't ask me anything when I launched Vundo.exe, and at the end, when I clicked Remove, it turned off the screen for 20 seconds and then rebooted. I still have Vundo-infected files that set off AntiVir (ddaba.dll and geebd.dll); apparently it did nothing.

VundoFix V6.7.8

Checking Java version...

Scan started at 21:28:31 18/02/2008

Listing files found while scanning....

VundoFix V6.7.8

Checking Java version...

Scan started at 23:07:20 18/02/2008

Listing files found while scanning....

C:\Windows\System32\abadd.ini
C:\Windows\System32\abadd.ini2
C:\Windows\System32\ddaba.dll
C:\Windows\System32\jkkji.dll

Beginning removal...

VundoFix V6.7.8

Checking Java version...

Scan started at 01:17:23 19/02/2008

Listing files found while scanning....

C:\windows\System32\abadd.ini
C:\windows\System32\abadd.ini2
C:\windows\System32\ddaba.dll
C:\windows\System32\geedb.dll

Beginning removal...
0

welbior Posts 111 Status Member 19

OK, I redid the VundoFix procedure in safe mode and this time it worked :-) AntiVir no longer raises alerts and, apparently, according to the report it deleted the infected files:

Beginning removal...

VundoFix V6.7.8

Checking Java version...

Scan started at 02:01:04 19/02/2008

Listing files found while scanning....

VundoFix V6.7.8

Checking Java version...

Scan started at 02:07:07 19/02/2008

Listing files found while scanning....

C:\Windows\System32\abadd.ini
C:\Windows\System32\abadd.ini2
C:\Windows\System32\ddaba.dll
C:\Windows\System32\geedb.dll

Beginning removal...

Attempting to delete C:\Windows\System32\abadd.ini
C:\Windows\System32\abadd.ini Has been deleted!

Attempting to delete C:\Windows\System32\abadd.ini2
C:\Windows\System32\abadd.ini2 Has been deleted!

Attempting to delete C:\Windows\System32\ddaba.dll
C:\Windows\System32\ddaba.dll Has been deleted!

Attempting to delete C:\Windows\System32\geedb.dll
C:\Windows\System32\geedb.dll Has been deleted!

Performing Repairs to the registry.
Done!

However, two files are missing at startup, vwquaeto.ddl and geedb.dll. If you are on Vista, can you get them from your c:/Windows/system32 folder and send them to me by email at: yohannbonamy@hotmail.com, please? Thanks in advance. Please put "Missing DLL file" in the subject line; thanks for everything.
0
nardino Posts 1634 Status Member 119

Hello.
These two DLLs were deleted and were linked to Vundo.
You can delete VundoFix and its reports.
Send me a new HijackThis report
Download OAD (Outil Aide Diagnostic) by !aur3n7 to your desktop:
http://sosvirus.changelog.fr/OAD.exe

Click OAD.exe, enter the following file name, then press Enter.
In the next window type 6, then Enter, and let the scan finish.
Save the whole report that opens in Notepad as vwquaeto.txt
Then post it in your reply.
vwquaeto
Do the same again with: geedb
For use under Vista:

Right-click the OAD.exe file and choose Properties; in the Compatibility tab, in the "Privilege Level" box, tick
"Run this program as an administrator".

A tutorial: http://perso.orange.fr/rue-du-montceau/tutoriels.html#oad
0
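The cross-check behind the reply above, as an added example that is not part of the original thread: it matches the files AntiVir flagged against the BHO (O2) and Run (O4) entries of the HijackThis log, which shows why Windows keeps asking for those DLLs at startup. The sample lines are copied from the two reports posted earlier in this thread; the function names `parse_antivir` and `autostart_findings` are hypothetical, and the parser only handles the report layout seen here.

```python
import re

# Lines copied from the first HijackThis log posted in this thread.
HIJACKTHIS_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {8675eb16-b08c-5d39-1b24-a34ec2fa2ae4} - {4ea2af2c-e43a-42b1-93d5-c80b61be5768} - C:\Windows\system32\wybaovgq.dll
O2 - BHO: (no name) - {5F94612C-97E0-4A88-BAC1-FCDC1D0C3876} - C:\Windows\system32\ddaba.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mllmj.dll,#1
O4 - HKLM\..\Run: [c08cf962] rundll32.exe "C:\Windows\system32\vwquaeto.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# Lines copied from the AntiVir report posted in this thread.
ANTIVIR_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\ddaba.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Windows\System32\mllmj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Windows\System32\vwquaeto.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Windows\System32\wybaovgq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481bf274.qua'!
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.+)$")
DETECTION_RE = re.compile(r"\[DETECTION\] Is the Trojan horse (\S+)")
# Full drive-letter path ending in .dll/.exe; stops before rundll32 arguments
# such as ",#1". 8.3 short names (PROGRA~1) are not expanded here.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?,\r\n]+?\.(?:dll|exe)(?![A-Za-z0-9])',
                     re.IGNORECASE)


def parse_antivir(report):
    """Map lower-cased file path -> {'name': detection, 'status': outcome}."""
    detections = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if re.match(r"[A-Za-z]:\\", line):
            current = line.lower()          # a path line starts a new record
            continue
        if current is None:
            continue
        found = DETECTION_RE.match(line)
        if found:
            detections[current] = {"name": found.group(1), "status": "detected"}
        elif current in detections:
            if line.startswith("[INFO] The file was moved to"):
                detections[current]["status"] = "quarantined"
            elif "could not be deleted" in line:
                detections[current]["status"] = "still on disk"
    return detections


def autostart_findings(hijackthis_log, detections):
    """Return HijackThis entries whose target file the antivirus flagged."""
    findings = []
    for raw in hijackthis_log.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        code, body = entry.groups()
        for path in PATH_RE.findall(body):
            hit = detections.get(path.lower())   # Windows paths: ignore case
            if hit:
                findings.append({"code": code, "path": path, "entry": body,
                                 "detection": hit["name"],
                                 "status": hit["status"]})
    return findings


if __name__ == "__main__":
    for f in autostart_findings(HIJACKTHIS_LOG, parse_antivir(ANTIVIR_REPORT)):
        print(f"{f['code']}  {f['path']}  {f['detection']}  ({f['status']})")
```

An entry reported here keeps loading, or keeps failing with a missing-file error, until the registry value itself is removed, whatever happened to the DLL.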
welbior Posts 111 Status Member 19

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:02:48, on 20/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\conime.exe
C:\Program Files\EasyPHP1-8\EasyPHP.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Yohann\Desktop\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rlz=1T4GZHZ_frFR225FR228&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {8675eb16-b08c-5d39-1b24-a34ec2fa2ae4} - {4ea2af2c-e43a-42b1-93d5-c80b61be5768} - C:\Windows\system32\wybaovgq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {EAF03FED-3401-467A-B1A7-015F30F71BDF} - C:\Windows\system32\ddaba.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geedb.dll,#1
O4 - HKLM\..\Run: [c08cf962] rundll32.exe "C:\Windows\system32\vwquaeto.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3706787186-467612791-1499316741-1012\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe
0
welbior Posts 111 Status Member 19
 
For vwquaeto

20/02/2008 ---- 3:09:44,25

----------------------------------
§§§§§§ [vwquaeto] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete

********************
[Registre]
********************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c08cf962"="rundll32.exe \"C:\\Windows\\system32\\vwquaeto.dll\",b"

*******************
[Fichier]
*******************

*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
welbior Posts 111 Status Member 19
 
And here it is for geedb:

20/02/2008 ---- 3:16:07,82

----------------------------------
§§§§§§ [geedb] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete

********************
[Registre]
********************

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07C7156E-D651-4ACC-9AD3-498C916E9651}\InprocServer32]
@="C:\\Windows\\system32\\geedb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="rundll32.exe C:\\Windows\\system32\\geedb.dll,#1"

*******************
[Fichier]
*******************

c:\VundoFix Backups\geedb.dll.bad

*********************
[Même date]
*********************

[19/02/2008 ] --- REP ---> C:\Program Files\CCleaner
[19/02/2008 ] --- REP ---> C:\Program Files\Grisoft
[19/02/2008 ] --- REP ---> C:\Program Files\GUILD WARS
[19/02/2008 ] ---> C:\Windows\system32\advpack.dll
[19/02/2008 ] ---> C:\Windows\system32\asferror.dll
[19/02/2008 ] ---> C:\Windows\system32\batt.dll
[19/02/2008 ] ---> C:\Windows\system32\cfgmgr32.dll
[19/02/2008 ] ---> C:\Windows\system32\clfs.sys
[19/02/2008 ] ---> C:\Windows\system32\dispci.dll
[19/02/2008 ] ---> C:\Windows\system32\dpx.dll
[19/02/2008 ] ---> C:\Windows\system32\drivers\atapi.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\ataport.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\AvgAsCln.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\i8042prt.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\intelide.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\kbdclass.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\kbdhid.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\mouclass.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\mouhid.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\mrxdav.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\mrxsmb.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\mrxsmb20.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\netio.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\ntfs.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\nwifi.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\pciidex.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\sermouse.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\srv2.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\srvnet.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\tcpip.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\volsnap.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\Wdf01000.sys
[19/02/2008 ] ---> C:\Windows\system32\drivers\WdfLdr.sys
[19/02/2008 ] ---> C:\Windows\system32\drvinst.exe
[19/02/2008 ] ---> C:\Windows\system32\dxtmsft.dll
[19/02/2008 ] ---> C:\Windows\system32\dxtrans.dll
[19/02/2008 ] ---> C:\Windows\system32\f3ahvoas.dll
[19/02/2008 ] ---> C:\Windows\system32\gameux.dll
[19/02/2008 ] ---> C:\Windows\system32\GameUXLegacyGDFs.dll
[19/02/2008 ] ---> C:\Windows\system32\icardie.dll
[19/02/2008 ] ---> C:\Windows\system32\ie4uinit.exe
[19/02/2008 ] ---> C:\Windows\system32\ieapfltr.dll
[19/02/2008 ] ---> C:\Windows\system32\ieframe.dll
[19/02/2008 ] ---> C:\Windows\system32\iernonce.dll
[19/02/2008 ] ---> C:\Windows\system32\iesetup.dll
[19/02/2008 ] ---> C:\Windows\system32\ieui.dll
[19/02/2008 ] ---> C:\Windows\system32\ieUnatt.exe
[19/02/2008 ] ---> C:\Windows\system32\inetcpl.cpl
[19/02/2008 ] ---> C:\Windows\system32\jsproxy.dll
[19/02/2008 ] ---> C:\Windows\system32\kbd106n.dll
[19/02/2008 ] ---> C:\Windows\system32\LAPRXY.DLL
[19/02/2008 ] ---> C:\Windows\system32\loadperf.dll
[19/02/2008 ] ---> C:\Windows\system32\lodctr.exe
[19/02/2008 ] ---> C:\Windows\system32\mshtml.dll
[19/02/2008 ] ---> C:\Windows\system32\mshtml.tlb
[19/02/2008 ] ---> C:\Windows\system32\mshtmled.dll
[19/02/2008 ] ---> C:\Windows\system32\mstime.dll
[19/02/2008 ] ---> C:\Windows\system32\netcfg.exe
[19/02/2008 ] ---> C:\Windows\system32\netiougc.exe
[19/02/2008 ] ---> C:\Windows\system32\nshhttp.dll
[19/02/2008 ] ---> C:\Windows\system32\ntkrnlpa.exe
[19/02/2008 ] ---> C:\Windows\system32\ntoskrnl.exe
[19/02/2008 ] ---> C:\Windows\system32\oleaut32.dll
[19/02/2008 ] ---> C:\Windows\system32\pngfilt.dll
[19/02/2008 ] ---> C:\Windows\system32\prflbmsg.dll
[19/02/2008 ] ---> C:\Windows\system32\quartz.dll
[19/02/2008 ] ---> C:\Windows\system32\sbunattend.exe
[19/02/2008 ] ---> C:\Windows\system32\schedsvc.dll
[19/02/2008 ] ---> C:\Windows\system32\setupapi.dll
[19/02/2008 ] ---> C:\Windows\system32\tcpipcfg.dll
[19/02/2008 ] ---> C:\Windows\system32\tzres.dll
[19/02/2008 ] ---> C:\Windows\system32\umpnpmgr.dll
[19/02/2008 ] ---> C:\Windows\system32\unlodctr.exe
[19/02/2008 ] ---> C:\Windows\system32\urlmon.dll
[19/02/2008 ] ---> C:\Windows\system32\WebClnt.dll
[19/02/2008 ] ---> C:\Windows\system32\wininet.dll
[19/02/2008 ] ---> C:\Windows\system32\winload.exe
[19/02/2008 ] ---> C:\Windows\system32\winresume.exe
[19/02/2008 ] ---> C:\Windows\system32\WMASF.DLL
[19/02/2008 ] ---> C:\Windows\system32\wpd_ci.dll

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
nardino Posts 1634 Status Member 119
 
Hello.

In Notepad (All Programs - Accessories), copy and paste the text that follows in italics.
In the Format menu, make sure to remove the check mark in front of Word Wrap.
Press Enter (carriage return) after the last line.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07C7156E-D651-4ACC-9AD3-498C916E9651}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c08cf962"=-
"MSServer"=-

In File, Save As, All Files, save it on the desktop under the name fix.reg
If the resulting file is called fix.reg.txt, rename it by removing .txt from the end.

Then right-click this file, choose Merge and accept.
A message will tell you that the fix ran successfully.
The file's icon: https://i28.servimg.com/u/f28/11/05/93/83/iconer10.jpg

Download ToolsCleaner2 by A. Rothstein to your desktop:
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

Double-click ToolsCleaner2.exe
Click Recherche (Search) and the list of tools will be displayed.
Click the Suppression (Delete) button.
Quit (Quitter).
A file C:\TCleaner.txt will be created; post it.

Note: your desktop will disappear, this is normal.

If it does not appear at the end of the scan, do the following:

CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run".
Type explorer.exe and confirm. This will make the desktop reappear.
0
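An added example, not part of nardino's post or of any tool named in the thread: a small Python reader for the .reg syntax used in fix.reg above, listing what such a file will do before it is merged. The function name `summarize_reg` and the action labels are assumptions of this example, and hex values continued across lines are not handled.

```python
import re

# fix.reg as posted above, reproduced here as sample input.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07C7156E-D651-4ACC-9AD3-498C916E9651}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c08cf962"=-
"MSServer"=-
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')          # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def summarize_reg(text):
    """Return (action, key, value_name) tuples for a .reg file.

    Actions (labels chosen for this example): 'delete-key' for [-KEY],
    'delete-value' for "name"=-, 'set-value' for any other assignment,
    'touch-key' for a [KEY] header with no value lines under it.
    """
    ops, key, key_used = [], None, True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):     # blank line or comment
            continue
        m = KEY_RE.match(line)
        if m:
            if key is not None and not key_used:
                ops.append(('touch-key', key, None))
            if m.group(1):                       # leading '-' removes the key
                ops.append(('delete-key', m.group(2), None))
                key, key_used = None, True
            else:
                key, key_used = m.group(2), False
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = '(default)' if m.group(1) == '@' else m.group(1)[1:-1]
            action = 'delete-value' if m.group(2) == '-' else 'set-value'
            ops.append((action, key, name))
            key_used = True
    if key is not None and not key_used:
        ops.append(('touch-key', key, None))
    return ops


if __name__ == '__main__':
    for op in summarize_reg(FIX_REG):
        print(op)
```

On the file as posted, this reports two value deletions under the Run key and no deletion for the InprocServer32 key, which is listed with a plain `[KEY]` header.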