Packed.win32.monder.gen
doudou
-
ludsfa Posts 1287 Status Member -
Hello,
I have a big problem: I followed someone's advice on the forum to avoid this virus, but I don't know what use Malwarebytes is to me if I don't know how to clean up these viruses afterwards. Please help me.
197 trojans, that's a lot!!!! I'm struggling
7 replies
hi doudou
Download SDFix: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (created by AndyManchesta) and save it to your Desktop.
User guide: http://mickael.barroux.free.fr/securite/sdfix.php
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
* Restart your computer
* After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
* Instead of Windows loading normally, a menu with various options should appear.
* Choose the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your account.
Work through the instructions below:
* Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
* Press Y to start the cleaning process.
* It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* Once the Desktop has loaded, the tool will finish its work and display Finished.
* Press a key to end the script and load your Desktop icons.
* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
* Finally, copy/paste the contents of Report.txt into your next reply on the forum.
N.B.:
- The file SDFIX_README.htm (in the SDFix folder) contains the list of malware handled by the tool.
- Andy releases several updates, often more than one a day... So don't hesitate to ask to download a new version when the cleanup drags on and the tool doesn't seem to see everything.
after this operation
Download and then install HijackThis (Trend Micro)
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2: http://www.infos-du-net.com/forum/271838-11-tuto-utiliser-hijackthis
good doudou, let's continue
Download VundoFix: http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it
when it launches again, click [Scan for Vundo]
at the end of the scan, click [Remove Vundo]
it will ask you whether you want to delete the files, click [YES]
your Desktop will disappear while the files are being deleted
then it will tell you that your PC is going to shut down, click [OK]
Restart your PC
Copy/paste the report ( C:\vundofix.txt )
and a new HijackThis report
VundoFix may be unable to delete a file;
in that case, it will launch again at the next restart,
and you just need to start again from the click on [Scan for Vundo]
I have the same problem too. I followed the instructions and here is what SDFix gives me:
[b]SDFix: Version 1.169 [/b]
Run by OEM on 12/04/2008 at 11:46
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\OEM\Bureau\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 12:17:33
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\program\\fspex.exe:*:enabled:Antivirus Firewall"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\program\\fspex.exe:*:enabled:Antivirus Firewall"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\OEM\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 26 Feb 2008 1,554 ..SH. --- "C:\WINDOWS\system32\tnaskoxg.tmp"
Thu 19 Jun 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\WAOL.EXE"
Thu 19 Jun 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Thu 19 Jun 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\AOLTRAY.EXE"
Thu 19 Jun 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 28 Dec 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 19 Jun 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Mon 28 Mar 2005 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off2.tmp"
Fri 17 Aug 2007 444 ...HR --- "C:\Documents and Settings\All Users\Application Data\SecuROM\UserData\securom_v7_01G.bak"
Thu 19 Jun 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
[b]Finished![/b]
I don't understand any of it, so please explain it to me
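Added example, not part of the original thread and not SDFix's own code: a small Python parser for the "Files with Hidden Attributes" section of a report like the one posted above. It separates files stored under System Restore restore points from entries worth a manual look. The bucket names and the system32 heuristic are assumptions of this example, and the sample lines are copied or shortened from the report ({GUID} and SID are placeholders).

```python
import re
from ntpath import dirname  # Windows path rules, works on any OS

# Sample input: lines copied or shortened from the report above.
# {GUID} and SID are placeholders, not real values.
SAMPLE_REPORT = r'''[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\OEM\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 26 Feb 2008 1,554 ..SH. --- "C:\WINDOWS\system32\tnaskoxg.tmp"
Thu 19 Jun 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\WAOL.EXE"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Sun 24 Feb 2008 3,670,016 A..H. --- "C:\System Volume Information\_restore{GUID}\RP10\snapshot\_REGISTRY_USER_NTUSER_SID.bak"
Tue 16 Oct 2007 262,144 A..H. --- "C:\System Volume Information\_restore{GUID}\RP10\snapshot\_REGISTRY_USER_USRCLASS_SID.bak"
[b]Finished![/b]
'''

# Section headers in the report look like "[b]Title [/b]:".
HEADER_RE = re.compile(r'^\[b\](?P<title>.*?)\s*\[/b\]:?\s*$')

# One entry: date, size with thousands separators, 5-char attribute
# field (letters A/S/H/R, '.' when unset), then the quoted path.
ENTRY_RE = re.compile(
    r'^(?P<date>\w{3} \d{1,2} \w{3} \d{4})\s+'
    r'(?P<size>[\d,]+)\s+'
    r'(?P<attrs>[A-Z.]{5})\s+---\s+'
    r'"(?P<path>.+)"$'
)


def section_lines(report, title):
    """Return the non-empty lines under '[b]title[/b]:' up to the next header."""
    lines, inside = [], False
    for raw in report.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            inside = header.group('title').strip() == title
            continue
        if inside and line:
            lines.append(line)
    return lines


def parse_entry(line):
    """Parse one hidden-file line into a dict, or return None if it does not match."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return {
        'date': m.group('date'),
        'size': int(m.group('size').replace(',', '')),
        'attrs': set(m.group('attrs')) - {'.'},
        'path': m.group('path'),
    }


def classify(entry):
    """Assign a triage bucket. The rules are this example's assumptions."""
    path = entry['path'].lower()
    # Files kept inside System Restore's restore-point store.
    if '\\system volume information\\_restore' in path:
        return 'restore-point'
    # System + Hidden file sitting directly in system32: check it by hand.
    if {'S', 'H'} <= entry['attrs'] and dirname(path).endswith('\\windows\\system32'):
        return 'review'
    return 'other'


def triage(report):
    """Group the hidden-attribute entries of a report by bucket."""
    buckets = {'restore-point': [], 'review': [], 'other': []}
    for line in section_lines(report, 'Files with Hidden Attributes'):
        entry = parse_entry(line)
        if entry:
            buckets[classify(entry)].append(entry)
    return buckets


if __name__ == '__main__':
    result = triage(SAMPLE_REPORT)
    for name, entries in result.items():
        print(f'{name}: {len(entries)}')
    for entry in result['review']:
        print('  check manually:', entry['path'], sorted(entry['attrs']), entry['size'])
```

A "review" entry is only a candidate for inspection, not a verdict; the hidden attribute alone is also set on legitimate files, as the AOL and Spybot lines show.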
Sat 22 Mar 2008 3,670,016 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP41\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Tue 16 Oct 2007 262,144 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP41\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Sat 22 Mar 2008 3,670,016 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP42\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Tue 16 Oct 2007 262,144 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP42\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Sat 22 Mar 2008 3,670,016 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP43\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Tue 16 Oct 2007 262,144 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP43\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Sat 22 Mar 2008 3,670,016 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP44\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Tue 16 Oct 2007 262,144 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP44\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Sat 22 Mar 2008 3,670,016 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP45\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Tue 16 Oct 2007 262,144 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP45\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Sat 22 Mar 2008 3,670,016 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP46\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Tue 16 Oct 2007 262,144 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP46\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Sat 22 Mar 2008 3,670,016 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP47\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Tue 16 Oct 2007 262,144 A..H. --- "C:\System Volume Information\_restore{EDEB2720-CA48-4DF6-BC05-E37890832F3D}\RP47\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1777033250-2230568922-3696462077-1009.bak"
Fri 17 Aug 2007 444 ...HR --- "C:\Documents and Settings\All Users\Application Data\SecuROM\UserData\securom_v7_01G.bak"
Thu 19 Jun 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Finished!
I don't understand any of it, so please explain it to me.
And here is what HijackThis gives me:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:47, on 12/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\System32\ElkCtrl.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/WGlistemsg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: {dbfc56fa-8400-66fb-2824-31db599893b0} - {0b398995-bd13-4282-bf66-0048af65cfbd} - C:\WINDOWS\System32\myyfhdsl.dll
O2 - BHO: (no name) - {172A20A8-416B-4F1E-8ED4-D5D474EB9B32} - (no file)
O2 - BHO: (no name) - {3f69fa7b-f581-4ff5-8dd5-c9c549cb3ae2} - (no file)
O2 - BHO: (no name) - {4ED3A581-66F3-488C-8F4E-EEFE63407F68} - C:\WINDOWS\System32\ddcyx.dll (file missing)
O2 - BHO: (no name) - {50B34665-6E60-4F5E-9E6F-65C0BCD5E363} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6b8af8d3-1f30-49f9-a48d-b3c31165539c} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\xxyvwxx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {774fae75-0a27-4d04-b46f-9f278486c59c} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {813FDD6B-A94A-42A1-829B-351BBC1DCA55} - (no file)
O2 - BHO: (no name) - {820ADEFC-84F4-4AF1-BA15-F39F31063343} - (no file)
O2 - BHO: (no name) - {8C23FB0F-8153-4BA4-906E-CC005AE5CA46} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6F1605F-5B3E-49C6-9C54-BB788553BE49} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C5E29E67-1162-443A-9C05-0F09F265805F} - (no file)
O2 - BHO: (no name) - {C8792509-BEEA-44CD-8F23-50FB1795103A} - (no file)
O2 - BHO: (no name) - {CA937666-9763-4B40-B137-EA5496CEBB92} - (no file)
O2 - BHO: (no name) - {D076222C-B157-4D45-9EFC-615E91FD0138} - (no file)
O2 - BHO: (no name) - {e29b7bad-8cd3-443f-96d6-3223d40d7095} - (no file)
O2 - BHO: (no name) - {FBE4C48E-8FFB-4ED2-9713-8EE8C6E9EB07} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB003" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\live phone.exe
O4 - HKLM\..\Run: [0c5b1ba9] rundll32.exe "C:\WINDOWS\System32\wishwhii.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BM0f682835] Rundll32.exe "C:\WINDOWS\System32\oyhifajq.dll",s
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Chinbend] C:\DOCUME~1\OEM\APPLIC~1\bleheach\findidol.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?508d8b4fab464875b4831589158bc124
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?508d8b4fab464875b4831589158bc124
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: xxyvwxx - xxyvwxx.dll (file missing)
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe