Help with multiple viruses

citrouille -
jlpjlp Posts 52399 Status Security contributor -
Hello,
after an .exe file that wasn't what it seemed to be, I'm siiiick
I ran ccleaner
avg
bitdefender online
and hijack this

here are the logs:

avg:

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 13:05:17 18/03/2008

+ Résultat de l'analyse:

C:\WINDOWS\system32\cmdow.exe -> Downloader.Delf.ain : Nettoyé.
D:\WINDOWS\system32\cmdow.exe -> Downloader.Delf.ain : Nettoyé.
:mozilla.400:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.479:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.520:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.59:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.60:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.63:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.64:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.658:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.65:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.66:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.67:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.68:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.69:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.70:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.71:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.72:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.73:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.74:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.75:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.76:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.77:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.78:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.79:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.80:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.81:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.82:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.83:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.532:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.533:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.536:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.913:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.545:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Adengage : Nettoyé.
:mozilla.546:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Adengage : Nettoyé.
:mozilla.547:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Adengage : Nettoyé.
:mozilla.646:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Adnet : Nettoyé.
:mozilla.647:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Adnet : Nettoyé.
:mozilla.254:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.42:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.86:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.233:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.235:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.237:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.571:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Cqcounter : Nettoyé.
:mozilla.575:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Cqcounter : Nettoyé.
:mozilla.139:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.514:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.515:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.741:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Gemius : Nettoyé.
:mozilla.742:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Gemius : Nettoyé.
:mozilla.743:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Gemius : Nettoyé.
:mozilla.431:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.432:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.441:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.442:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.455:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.958:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.953:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.954:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.941:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Ivwbox : Nettoyé.
:mozilla.718:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Masterstats : Nettoyé.
:mozilla.805:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Onestat : Nettoyé.
:mozilla.806:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Onestat : Nettoyé.
:mozilla.140:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.660:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Planetactive : Nettoyé.
:mozilla.62:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.84:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.85:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.87:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.88:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.89:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.91:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.92:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.93:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.94:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.144:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.147:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.148:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.149:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.151:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.940:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.209:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.210:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.211:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.212:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.23:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.24:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.25:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.26:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.27:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.28:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.29:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.673:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.258:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.259:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.260:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.261:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.410:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.174:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.175:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.176:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.177:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.178:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.179:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.182:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.183:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.

bitdefender log:
Time: 00:45:56
Files: 212149
Folders: 5725
Boot Sectors: 3
Archives: 1564
Packed Files: 6869

Results
Identified Viruses: 10
Infected Files: 11
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 11

Engines Info
Virus Definitions: 1008156
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\QooBox\Quarantine\G\AUTORUN.INF.vir | Infected with: Trojan.Autorun.EU
C:\QooBox\Quarantine\G\AUTORUN.INF.vir | Deleted
C:\VundoFix Backups\ihhkj.ini.bad | Infected with: Trojan.Vundo.DVS
C:\VundoFix Backups\ihhkj.ini.bad | Disinfection failed
C:\VundoFix Backups\ihhkj.ini.bad | Deleted
C:\VundoFix Backups\ihhkj.ini2.bad | Infected with: Trojan.Vundo.DVS
C:\VundoFix Backups\ihhkj.ini2.bad | Disinfection failed
C:\VundoFix Backups\ihhkj.ini2.bad | Deleted
C:\VundoFix Backups\jkhhi.dll.bad | Infected with: Trojan.Vundo.EAJ
C:\VundoFix Backups\jkhhi.dll.bad | Disinfection failed
C:\VundoFix Backups\jkhhi.dll.bad | Deleted
C:\VundoFix Backups\yayaywv.dll.bad | Infected with: Trojan.Vundo.DZT
C:\VundoFix Backups\yayaywv.dll.bad | Disinfection failed
C:\VundoFix Backups\yayaywv.dll.bad | Deleted
C:\WINDOWS\system32\txp\keygen.exe=>(RAR Sfx o)=>winlogon.exe | Detected with: Application.Generic.6285
C:\WINDOWS\system32\txp\keygen.exe=>(RAR Sfx o)=>winlogon.exe | Disinfection failed
C:\WINDOWS\system32\txp\keygen.exe=>(RAR Sfx o)=>winlogon.exe | Deleted
C:\WINDOWS\system32\txp\keygen.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\txp\keygen.exe=>(RAR Sfx o)=>Mssvc.exe | Detected with: Application.Servu.Daemon.CE
C:\WINDOWS\system32\txp\keygen.exe=>(RAR Sfx o)=>Mssvc.exe | Disinfection failed
C:\WINDOWS\system32\txp\keygen.exe=>(RAR Sfx o)=>Mssvc.exe | Deleted
C:\WINDOWS\system32\txp\keygen.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\txp\keygen.exe=>(RAR Sfx o)=>TzoLibr.dll | Infected with: Backdoor.RBot.BZO
C:\WINDOWS\system32\txp\keygen.exe=>(RAR Sfx o)=>TzoLibr.dll | Deleted
C:\WINDOWS\system32\txp\keygen.exe=>(RAR Sfx o) | Update failed
D:\System Volume Information\_restore{AB275CB4-F6C6-4645-A286-07B7FE387F13}\RP2\A0002183.exe=>(RAR Sfx o)=>keygen.exe=>(RAR Sfx o)=>winlogon.exe | Detected with: Application.Generic.6285
D:\System Volume Information\_restore{AB275CB4-F6C6-4645-A286-07B7FE387F13}\RP2\A0002183.exe=>(RAR Sfx o)=>keygen.exe=>(RAR Sfx o)=>winlogon.exe | Disinfection failed
D:\System Volume Information\_restore{AB275CB4-F6C6-4645-A286-07B7FE387F13}\RP2\A0002183.exe=>(RAR Sfx o)=>keygen.exe=>(RAR Sfx o)=>winlogon.exe | Deleted
D:\System Volume Information\_restore{AB275CB4-F6C6-4645-A286-07B7FE387F13}\RP2\A0002183.exe=>(RAR Sfx o)=>keygen.exe=>(RAR Sfx o) | Update failed
D:\System Volume Information\_restore{AB275CB4-F6C6-4645-A286-07B7FE387F13}\RP2\A0002183.exe=>(RAR Sfx o)=>keygen.exe=>(RAR Sfx o)=>Mssvc.exe | Detected with: Application.Servu.Daemon.CE
D:\System Volume Information\_restore{AB275CB4-F6C6-4645-A286-07B7FE387F13}\RP2\A0002183.exe=>(RAR Sfx o)=>keygen.exe=>(RAR Sfx o)=>Mssvc.exe | Disinfection failed
D:\System Volume Information\_restore{AB275CB4-F6C6-4645-A286-07B7FE387F13}\RP2\A0002183.exe=>(RAR Sfx o)=>keygen.exe=>(RAR Sfx o)=>Mssvc.exe | Deleted
D:\System Volume Information\_restore{AB275CB4-F6C6-4645-A286-07B7FE387F13}\RP2\A0002183.exe=>(RAR Sfx o)=>keygen.exe=>(RAR Sfx o) | Update failed
D:\System Volume Information\_restore{AB275CB4-F6C6-4645-A286-07B7FE387F13}\RP2\A0002183.exe=>(RAR Sfx o)=>keygen.exe=>(RAR Sfx o)=>TzoLibr.dll | Infected with: Backdoor.RBot.BZO
D:\System Volume Information\_restore{AB275CB4-F6C6-4645-A286-07B7FE387F13}\RP2\A0002183.exe=>(RAR Sfx o)=>keygen.exe=>(RAR Sfx o)=>TzoLibr.dll | Deleted
D:\System Volume Information\_restore{AB275CB4-F6C6-4645-A286-07B7FE387F13}\RP2\A0002183.exe=>(RAR Sfx o)=>keygen.exe=>(RAR Sfx o) | Update failed

hijack log:

Scan saved at 14:04:06, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {C0076390-8BCF-41A3-9275-906D44094CFC} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Ubisoft register.lnk = C:\Program Files\UBISOFT\Register\schedule.exe
O4 - Global Startup: RAID Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F2291A3-BCA9-4AEF-ADBD-819DD76E0DB1}: NameServer = 192.168.1.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

thanks in advance;
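Added example (mine, not something posted in this thread): a small Python script that parses the AVG Anti-Spyware report format above and separates the tracking-cookie noise from the detections that actually matter, so a report like the one posted can be triaged at a glance. The sample report embedded in the script is constructed for this example: it reuses the two cmdow.exe lines and two cookie lines from the post and adds one made-up line (hypothetical path and detection name, marked as such) that was not cleaned, to show how an uncleaned finding gets flagged. The set of "cleaned" action strings is an assumption covering the French wording in the post and the English wording of the same scanner.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the AVG Anti-Spyware 7.5 report format seen in the post.
# The first four result lines are copied from that report; the last one is made up
# (hypothetical path and detection name) to show a finding that was NOT cleaned.
SAMPLE_REPORT = r"""AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 13:05:17 18/03/2008

+ Résultat de l'analyse:

C:\WINDOWS\system32\cmdow.exe -> Downloader.Delf.ain : Nettoyé.
D:\WINDOWS\system32\cmdow.exe -> Downloader.Delf.ain : Nettoyé.
:mozilla.400:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.532:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1job20yd.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Admin\Local Settings\Temp\example.tmp -> Trojan.Example.HYPOTHETICAL : Ignoré.
"""

# Every result line reads "<object> -> <detection name> : <action>." The object is a
# file path or, for browser cookies, a ":mozilla.<n>:<cookie file>" record, so it may
# itself contain colons; only the " -> " and " : " separators are structural.
RESULT_LINE = re.compile(r"^(?P<obj>.+?) -> (?P<name>[^:]+?) : (?P<action>.+?)\.?\s*$")

# Actions that mean the scanner neutralised the object. Assumption: the French report
# says "Nettoyé"/"Supprimé"; English builds say "Cleaned"/"Deleted"/"Quarantined".
CLEANED_ACTIONS = {"nettoyé", "supprimé", "cleaned", "deleted", "quarantined"}


@dataclass(frozen=True)
class Finding:
    obj: str      # file path or cookie record exactly as printed by the scanner
    name: str     # detection name, e.g. "Downloader.Delf.ain" or "TrackingCookie.2o7"
    action: str   # action reported by the scanner, without the trailing period

    @property
    def is_cookie(self) -> bool:
        # Tracking cookies are ad-network identifiers in the browser profile, not
        # executable code; they are counted separately so they do not look like infections.
        return self.name.startswith("TrackingCookie.") or self.obj.startswith(":mozilla.")

    @property
    def family(self) -> str:
        # "TrackingCookie.2o7" -> "2o7" (the tracker); "Downloader.Delf.ain" -> "Downloader.Delf"
        parts = self.name.split(".")
        if self.is_cookie and len(parts) > 1:
            return parts[1]
        return ".".join(parts[:2])


def parse_report(text: str) -> list[Finding]:
    """Return one Finding per result line; header, separator and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            findings.append(Finding(m["obj"], m["name"].strip(), m["action"].strip()))
    return findings


def triage(findings: list[Finding]) -> dict:
    """Split cookie noise from real detections and list what still needs attention."""
    cookies = [f for f in findings if f.is_cookie]
    malware = [f for f in findings if not f.is_cookie]
    return {
        "cookie_count": len(cookies),
        "cookie_trackers": Counter(f.family for f in cookies),
        "malware": malware,
        "needs_attention": [f for f in malware if f.action.lower() not in CLEANED_ACTIONS],
    }


def summarize(text: str) -> str:
    """Human-readable triage of a whole report, one line per real detection."""
    t = triage(parse_report(text))
    lines = [
        f"tracking cookies: {t['cookie_count']} ({len(t['cookie_trackers'])} trackers)",
        f"real detections: {len(t['malware'])}",
    ]
    for f in t["malware"]:
        status = "CHECK" if f in t["needs_attention"] else "OK"
        lines.append(f"  [{status}] {f.name} in {f.obj} ({f.action})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

The point of splitting the two classes is that a report like the one above is dominated by cookie hits (over a hundred lines here) while the only real malware detection is the two cmdow.exe entries; counting them together makes a routine cookie sweep look like a heavy infection, and counting them apart shows immediately which lines still need a follow-up scan.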

8 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
hi,

Download RavAntivirus by Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

# If you have a USB key, external hard drive, etc., plug them in without opening them before launching this FIX
# Right-click the .ZIP file > Extract to > Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is launched, let it work; it automatically scans all drives (fixed and removable disks)
# If infected > a log will be produced, otherwise the software will display (very quickly) ==> Your Computer is clean.
# Remove your removable disks and restart your computer.
# Post the report, if infected!
___________________

Download Combofix by sUBs: Rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it on your desktop and nowhere else!

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

___________________

delete whatever is in the quarantine and vundofix backups folders by going to My Computer then C

C:\QooBox\Quarantine

C:\VundoFix Backups
______________________

if everything went well, disable System Restore to purge any viruses that may be in it, then re-enable it (in START then ALL PROGRAMS then ACCESSORIES then SYSTEM TOOLS then SYSTEM RESTORE then settings)
------------------

paste an antivir report

see you
0
citrouille
 
I have an external hard drive but since this morning it is no longer detected.. do I leave it plugged in or remove it?
0
citrouille
 
RAV result: computer clean
0
citrouille
 
combofix log:

ComboFix 08-03-17.1 - Admin 2008-03-18 14:57:15.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.451 [GMT 1:00]
Endroit: C:\Documents and Settings\Admin\Bureau\killer-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))))))))
.

2008-03-18 13:07 . 2008-03-18 13:07 <REP> d-------- C:\WINDOWS\LastGood
2008-03-18 13:07 . 2008-03-18 13:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-18 12:20 . 2008-03-18 12:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-18 12:20 . 2008-03-18 12:20 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Grisoft
2008-03-18 12:20 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-18 10:56 . 2008-03-18 10:56 <REP> d-------- C:\Documents and Settings\Admin\Application Data\TuneUp Software
2008-03-18 10:56 . 2008-03-18 10:56 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-18 10:56 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-18 10:55 . 2008-03-18 10:57 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-18 10:55 . 2008-03-18 10:55 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-18 10:55 . 2008-03-18 10:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-17 09:50 . 2008-03-17 09:50 <REP> d-------- C:\Program Files\L'Amerzone
2008-03-15 10:59 . 2005-07-26 14:01 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-03-15 10:57 . 2008-03-15 10:57 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-11 11:47 . 2008-03-11 11:47 <REP> d-------- C:\Program Files\Eidos Interactive
2008-03-11 10:54 . 2008-03-11 10:54 <REP> d-------- C:\Program Files\Maxis
2008-03-10 11:49 . 2008-03-10 11:49 <REP> d-------- C:\Program Files\MindArk
2008-03-09 13:42 . 2008-03-09 13:42 <REP> d-------- C:\Program Files\Exact Audio Copy
2008-03-09 13:42 . 2008-03-09 13:42 <REP> d-------- C:\Documents and Settings\Admin\Application Data\AD ON Multimedia
2008-03-09 13:42 . 2008-03-09 13:42 <REP> d-------- C:\Documents and Settings\Admin\Application Data\AccurateRip
2008-03-04 14:03 . 2008-03-04 14:04 <REP> d-------- C:\Program Files\Winamp
2008-03-04 14:03 . 2008-03-17 14:27 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-03-04 08:30 . 2008-03-15 11:23 <REP> d-------- C:\SDFix
2008-03-04 08:26 . 2008-03-04 08:26 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
2008-03-02 18:10 . 2008-03-02 18:10 <REP> d-------- C:\Program Files\CodeStuff
2008-03-02 16:20 . 2008-03-02 16:23 <REP> d-------- C:\ComboFix(2)
2008-03-02 09:01 . 2008-03-17 12:11 12,587 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-01 21:47 . 2008-03-01 21:47 <REP> d-------- C:\Program Files\Avira
2008-03-01 21:47 . 2008-03-01 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-01 21:44 . 2008-03-01 21:44 <REP> d-------- C:\Program Files\Sunbelt Software
2008-03-01 21:11 . 2008-03-18 13:43 <REP> d-------- C:\VundoFix Backups
2008-03-01 21:00 . 2008-03-01 21:00 <REP> d-------- C:\Program Files\Trend Micro
2008-03-01 20:10 . 2008-03-01 20:10 <REP> d-------- C:\WINDOWS\system32\txp
2008-03-01 20:10 . 2008-03-01 20:10 <REP> d-------- C:\WINDOWS\Driver
2008-02-18 21:11 . 2008-02-18 21:11 <REP> d-------- C:\Program Files\LocalCooling

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 12:06 --------- d-----w C:\Program Files\PeerGuardian2
2008-03-18 10:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-18 10:39 --------- d-----w C:\Program Files\eMule
2008-03-17 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-17 06:55 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-15 14:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 17:22 --------- d-----w C:\Program Files\Google
2008-03-08 18:18 --------- d-----w C:\Program Files\PeerTV
2008-03-08 18:17 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-03-08 18:17 --------- d-----w C:\Program Files\FLStudio4
2008-03-04 13:00 --------- d-----w C:\Program Files\MediaMonkey
2008-02-20 13:27 --------- d-----w C:\Program Files\MOG-O-MATIC
2008-02-20 13:27 --------- d-----w C:\Program Files\johnsadventures.com
2008-02-20 13:27 --------- d-----w C:\Documents and Settings\Admin\Application Data\johnsadventures.com
2008-02-20 13:26 --------- d-----w C:\Program Files\DivX
2008-02-11 23:09 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-11 23:09 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-11 23:09 --------- d-----w C:\Program Files\OpenAL
2008-02-04 08:39 --------- d-----w C:\Documents and Settings\Admin\Application Data\Megaupload
2008-02-04 08:34 --------- d-----w C:\Program Files\Megaupload
2008-02-04 08:34 --------- d-----w C:\Documents and Settings\Admin\Application Data\InstallShield
2008-02-03 13:21 --------- d-----w C:\Program Files\WinISO
2008-02-03 09:09 --------- d-----w C:\Program Files\Microsoft Games
2008-01-27 11:56 --------- d-----w C:\Documents and Settings\Admin\Application Data\My Games
2008-01-21 09:28 --------- d-----w C:\Documents and Settings\Admin\Application Data\Eltima Software
2008-01-21 09:26 --------- d-----w C:\Program Files\Easiestutils
2008-01-21 08:59 --------- d-----w C:\Program Files\URUSoft
2008-01-18 19:24 --------- d-----w C:\Program Files\EA GAMES
2008-01-18 16:10 --------- d-----w C:\Program Files\Gpotato
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-02 14:33 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-27 15:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

------- Sigcheck -------

2005-07-26 14:01 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll
2005-07-26 14:01 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\dllcache\user32.dll

2005-12-14 12:12 662528 e41e8fdf62cf20f2e2b16d800d96eb51 C:\WINDOWS\system32\wininet.dll

2005-09-18 11:29 359936 0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys

2005-10-12 09:33 2017280 50b3a210b6fa8d3089a36a32e7d8b21f C:\WINDOWS\system32\ntkrnlpa.exe

2005-07-26 14:01 2137600 e75f7aa5a33479f29c636fd0890f5762 C:\WINDOWS\system32\ntoskrnl.exe

2005-07-26 14:01 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0076390-8BCF-41A3-9275-906D44094CFC}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2005-03-24 17:28 983040]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 07:18 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 00:34 6729728]
"nwiz"="nwiz.exe" [2005-05-12 00:34 1519616 C:\WINDOWS\system32\nwiz.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2005-04-28 13:49 3630080]
"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 15:07 617984]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 15:27 1065288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 15:00 155648]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-12 00:34 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-01 22:37 249896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 10:24 341]
"nlsf"="cmd.exe" [2004-08-19 15:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 14:52 44544]

C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\
Ubisoft register.lnk - C:\Program Files\UBISOFT\Register\schedule.exe [2007-12-09 12:59:58 28672]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2007-09-10 10:34:55 724992]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5911:TCP"= 5911:TCP:Worms4
"80:TCP"= 80:TCP:Worms4
"28900:TCP"= 28900:TCP:Worms4
"29900:TCP"= 29900:TCP:Worms4
"29901:TCP"= 29901:TCP:Worms4
"5911:UDP"= 5911:UDP:Worms4
"6500:UDP"= 6500:UDP:Worms4
"13139:UDP"= 13139:UDP:Worms4
"27900:UDP"= 27900:UDP:Worms4
"13795:TCP"= 13795:TCP:NortonAV
"18597:TCP"= 18597:TCP:NortonAV
"14839:TCP"= 14839:TCP:NortonAV
"14772:TCP"= 14772:TCP:NortonAV
"17875:TCP"= 17875:TCP:NortonAV
"14711:TCP"= 14711:TCP:NortonAV
"13187:TCP"= 13187:TCP:NortonAV

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2005-03-17 15:00]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2007-12-31 16:55]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2007-12-31 16:55]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 19:56]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 18:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-18 10:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - PGFILTER
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At2.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-01 19:32:54 C:\WINDOWS\Tasks\At3.job"
- C:\Documents and Settings\Admin\Application Data\wunauclt.exe
"2008-03-18 14:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 15:01:46
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-18 15:03:46
ComboFix-quarantined-files.txt 2008-03-03 09:18:45
ComboFix2.txt 2008-03-03 09:18:55
ComboFix3.txt 2008-03-02 19:39:18
ComboFix4.txt 2008-03-02 08:12:00
0
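As an added illustration for readers of this thread (not code from the thread or from ComboFix): the report above lists three At*.job tasks that launch wunauclt.exe from Application Data, a file name one letter away from the Windows Update client wuauclt.exe. The script below parses the scheduled-task block of such a log and flags entries with three defensive heuristics; the sample input is copied from the log above, while the list of imitated system binaries and the user-writable path fragments are assumptions made for this example.

```python
import re

# Windows binaries whose names malware commonly imitates with a one-character
# edit; 'wunauclt.exe' in the log above is one letter away from wuauclt.exe.
# The list is an assumption for this example and is not exhaustive.
SYSTEM_BINARIES = ("wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "explorer.exe", "services.exe")

# Lower-case path fragments of user-writable locations that an installed
# scheduled task rarely runs from (assumption for this example).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Sample input: the scheduled-task block copied from the ComboFix log above.
SAMPLE_LOG = """\
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-01 19:32:54 C:\\WINDOWS\\Tasks\\At1.job"
- C:\\Documents and Settings\\Admin\\Application Data\\wunauclt.exe
"2008-03-01 19:32:54 C:\\WINDOWS\\Tasks\\At2.job"
- C:\\Documents and Settings\\Admin\\Application Data\\wunauclt.exe
"2008-03-18 14:00:00 C:\\WINDOWS\\Tasks\\Maintenance en 1 clic.job"
- C:\\Program Files\\TuneUp Utilities 2008\\OneClickStarter.exe
"""


def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1          # extra character in a
        elif len(b) > len(a):
            j += 1          # extra character in b
        else:
            i, j = i + 1, j + 1   # substitution
    return edits + (len(a) - i) + (len(b) - j) <= 1


def parse_tasks(log):
    """Return (job_file, target) pairs from the scheduled-task block of a ComboFix log."""
    pairs, job = [], None
    for line in log.splitlines():
        m = re.match(r'^"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (.+\.job)"$', line)
        if m:
            job = m.group(1)
        elif job and line.startswith("- "):
            pairs.append((job, line[2:].strip()))
            job = None
    return pairs


def triage(job, target):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    low = target.lower()
    name = low.rsplit("\\", 1)[-1]
    if any(frag in low for frag in USER_WRITABLE):
        reasons.append("target runs from a user-writable profile directory")
    for real in SYSTEM_BINARIES:
        if name != real and within_one_edit(name, real):
            reasons.append(f"file name imitates {real}")
    if re.fullmatch(r"at\d+\.job", job.rsplit("\\", 1)[-1].lower()):
        reasons.append("job was created with the AT command rather than as a named task")
    return reasons


def suspicious_tasks(log):
    """Map each flagged job file to its list of reasons."""
    flagged = {}
    for job, target in parse_tasks(log):
        reasons = triage(job, target)
        if reasons:
            flagged[job] = reasons
    return flagged


if __name__ == "__main__":
    for job, reasons in suspicious_tasks(SAMPLE_LOG).items():
        print(job, "->", "; ".join(reasons))
```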
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok do the rest
0

citrouille
 
avira log:

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 15:19:43
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 15:19:43
ANTIVIR3.VDF : 7.0.3.47 294400 Bytes 18/03/2008 14:43:17
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 01/03/2008 21:37:06
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 01/03/2008 21:37:06
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 18 mars 2008 18:13

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RaidMgr.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'pg2.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'AsusProb.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\txp\keygen.exe
[0] Archive type: RAR SFX (self extracting)
--> winlogon.exe
[DETECTION] Is the Trojan horse TR/Iroffer.I
--> Mssvc.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Servu.4004.E.10 Backdoor server programs
--> TzoLibr.dll
[DETECTION] Contains detection pattern of the worm WORM/Rbot.495616
[INFO] The file was moved to '4858feca.qua'!
Begin scan in 'D:\'

End of the scan: mardi 18 mars 2008 18:44
Used time: 30:53 min

The scan has been done completely.

5641 Scanning directories
214442 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
214439 Files not concerned
1537 Archives were scanned
3 Warnings
0 Notes
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:
• Restart your computer
• After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will continue running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum

-------------------------------------

delete what is in antivir's quarantine, paste a new report and describe your current problems
0
citrouille
 
ok I'll do that, thanks for your help; I'll post the reports on Friday (I have to leave now)
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok
0