Virus TRES résistant !!!

Voilà le rapport :

Merci beaucoup en tout cas pour le sérieux et la rapidité des réponses : fauleux !

Search Navipromo version 3.5.6 commencé le 10/05/2008 à 15:26:08,66

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Corinne"

Mise à jour le 02.05.2008 à 22h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\users\corinne\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Corinne\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\Corinne\AppData\Roaming" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Corinne\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Corinne\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\Corinne\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Corinne\AppData\Local\Microsoft" :


* Dans "C:\Users\Corinne\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\Corinne\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 10/05/2008 à 15:33:23,81 ***

Re,

J'ai fait ce que vous m'avez edit pour les 2 premiers mais je ne trouve les deux derniers :-(
Je pense qu'ils ont cachés mas je ne me souviens plus de la manip pour les afficher...

C:\Users\Corinne\AppData\Local\Temp\pfcflmsp.dll
C:\Users\Corinne\AppData\Local\Temp\sksrovlp.dll

Voici le rapport pou des deux premiers :

Fichier wsqmcons.exe reçu le 2008.05.05 10:34:36 (CET)
Situation actuelle: terminé

Résultat: 0/31 (0.00%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.3.0 2008.05.02 -
AntiVir 7.8.0.11 2008.05.02 -
Authentium 4.93.8 2008.05.05 -
Avast 4.8.1169.0 2008.05.04 -
AVG 7.5.0.516 2008.05.05 -
BitDefender 7.2 2008.05.05 -
CAT-QuickHeal 9.50 2008.05.03 -
ClamAV 0.92.1 2008.05.05 -
DrWeb 4.44.0.09170 2008.05.04 -
eSafe 7.0.15.0 2008.04.28 -
eTrust-Vet 31.3.5755 2008.05.03 -
Ewido 4.0 2008.05.04 -
F-Prot 4.4.2.54 2008.05.04 -
F-Secure 6.70.13260.0 2008.05.05 -
Fortinet 3.14.0.0 2008.05.04 -
Ikarus T3.1.1.26 2008.05.05 -
Kaspersky 7.0.0.125 2008.05.05 -
McAfee 5287 2008.05.02 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3073 2008.05.05 -
Norman 5.80.02 2008.05.02 -
Panda 9.0.0.4 2008.05.04 -
Prevx1 V2 2008.05.05 -
Rising 20.43.00.00 2008.05.05 -
Sophos 4.29.0 2008.05.05 -
Sunbelt 3.0.1097.0 2008.05.03 -
Symantec 10 2008.05.05 -
TheHacker 6.2.92.300 2008.05.03 -
VBA32 3.12.6.5 2008.05.05 -
VirusBuster 4.3.26:9 2008.05.04 -
Webwasher-Gateway 6.6.2 2008.05.04 -
Information additionnelle
Tamano archivo: 192000 bytes
MD5...: e8b0a9ecb76aaa0c3519e16f34a49858
SHA1..: aac2e1a1f031696c5328b19b4f7b88c77d7a2064
SHA256: 9632e2c589d915a601bf8a6cb9cdd90c64c097cf5b8a99127d1112af9d27bff5
SHA512: b21cd4af18b6f8eae7258d56cbaa7b6d1a7607f7fecf6f589094d92754ec336f
c4efc36072283f4e615d351164c0f63d529e568f684725c77d0c47084a15b93f
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1010cc8
timedatestamp.....: 0x47918ca3 (Sat Jan 19 05:37:39 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x25d04 0x25e00 6.43 83e9a9ece7759dc5c3a422a76fd49739
.data 0x27000 0x650 0x200 2.03 5fe926937b6ee3cf8b6c7f18131608ac
.rsrc 0x28000 0x5d18 0x5e00 5.11 a9fa4dd621d919d91d21582afe4b7d68
.reloc 0x2e000 0x2af6 0x2c00 5.77 cd3179b985033f39f9acf6f7d3af214d

( 16 imports )
> ADVAPI32.dll: TraceMessage, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, RegOpenKeyExW, IsValidSid, GetLengthSid, GetTokenInformation, UpdateTraceW, ControlTraceW, StopTraceW, EnableTraceEx, RegEnumKeyExW, StartTraceW, RegQueryValueExW, QueryTraceW, RegFlushKey, CloseTrace, ProcessTrace, OpenTraceW, ConvertSidToStringSidW, DeregisterEventSource, ReportEventW, RegisterEventSourceW, RegSetValueExW, RegCreateKeyExW, CloseServiceHandle, QueryServiceStatus, OpenServiceW, OpenSCManagerW, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW, SetNamedSecurityInfoW, GetSecurityDescriptorOwner, GetSecurityDescriptorDacl, RevertToSelf, ImpersonateLoggedOnUser, TraceEvent
> KERNEL32.dll: GetProductInfo, GetVersionExW, CompareFileTime, WriteFile, CreateFileW, GetLocalTime, GetModuleHandleW, GetTickCount, SetThreadPriority, GetCurrentThread, CreateMutexW, GetCommandLineW, HeapSetInformation, GetLogicalProcessorInformation, LocalFree, FreeLibrary, GetProcAddress, LoadLibraryW, GetUserDefaultLCID, GetSystemDefaultUILanguage, GlobalFree, GetUserGeoID, GetSystemInfo, OpenMutexW, ReleaseMutex, GetThreadPriority, FileTimeToSystemTime, FileTimeToDosDateTime, GetTempFileNameW, WaitForMultipleObjects, GetTempPathW, GetLongPathNameW, SetLastError, WideCharToMultiByte, CreateDirectoryW, GetFileAttributesW, GetFileSizeEx, SetFilePointerEx, OpenFileMappingW, CreateFileMappingW, MapViewOfFile, VirtualAlloc, UnmapViewOfFile, VirtualFree, ResetEvent, CreateThread, FreeLibraryAndExitThread, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, CreateEventW, GetFileSize, ReadFile, DuplicateHandle, SetEvent, EnterCriticalSection, LeaveCriticalSection, RaiseException, GetEnvironmentVariableW, GetModuleFileNameW, LocalAlloc, CreateProcessW, WaitForSingleObject, GetExitCodeProcess, DeleteFileW, GetFileAttributesExW, FindNextFileW, CloseHandle, FindFirstFileW, FindClose, MoveFileExW, GetSystemTime, SystemTimeToFileTime, GetLastError, GlobalMemoryStatusEx, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, CheckElevationEnabled, InterlockedExchange, Sleep, InterlockedCompareExchange, GetStartupInfoA, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime
> USER32.dll: EnumDisplayMonitors, GetSystemMetrics, GetMonitorInfoW, GetMessageW, TranslateMessage, DispatchMessageW, RegisterClassExW, CreateWindowExW, SystemParametersInfoW, LoadIconW, LoadStringW, DefWindowProcW, GetCursorPos, LoadMenuW, PeekMessageW, MsgWaitForMultipleObjects, PostMessageW, DestroyMenu, TrackPopupMenuEx, SetForegroundWindow, SetMenuDefaultItem, GetSubMenu
> msvcrt.dll: _lock, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _callnewh, malloc, _CxxThrowException, free, __0exception@@QAE@ABV0@@Z, __1exception@@UAE@XZ, memcpy, __0exception@@QAE@XZ, wcschr, towupper, __CxxFrameHandler3, memset, _vsnwprintf, _onexit, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _except_handler4_common, _controlfp, memmove, realloc, ceil, _ftol2, _vsnprintf, _purecall, __set_app_type, _unlock, _what@exception@@UBEPBDXZ, __dllonexit, __p__commode, __p__fmode
> SHLWAPI.dll: StrToIntExW, PathFindFileNameW, PathCombineW, PathAppendW, -, PathFileExistsW, StrToInt64ExW, PathRemoveExtensionW, StrStrIW
> ntdll.dll: WinSqmEventWrite
> tdh.dll: TdhGetPropertySize, TdhGetProperty
> ole32.dll: CoCreateGuid, StringFromGUID2
> SHELL32.dll: CommandLineToArgvW, Shell_NotifyIconW, SHGetFolderPathW, SHGetFolderPathAndSubDirW
> WINHTTP.dll: WinHttpCrackUrl, WinHttpWriteData, WinHttpReceiveResponse, WinHttpSetCredentials, WinHttpCloseHandle, WinHttpGetDefaultProxyConfiguration, WinHttpGetProxyForUrl, WinHttpSetOption, WinHttpQueryHeaders, WinHttpOpen, WinHttpConnect, WinHttpOpenRequest, WinHttpAddRequestHeaders, WinHttpSetStatusCallback, WinHttpTimeFromSystemTime, WinHttpGetIEProxyConfigForCurrentUser, WinHttpSendRequest
> WINBRAND.dll: BrandingFormatString
> wevtapi.dll: EvtRender, EvtNext, EvtQuery, EvtCreateRenderContext, EvtClose
> WTSAPI32.dll: WTSFreeMemory, WTSEnumerateSessionsW, WTSQueryUserToken
> wer.dll: WerReportSubmit, WerReportCreate, WerReportSetParameter, WerReportCloseHandle
> POWRPROF.dll: PowerDeterminePlatformRole
> OLEAUT32.dll: -, -, -, -

( 0 exports )








Fichier PCMMediaSharing.exe reçu le 2008.05.10 15:49:04 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 0/31 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: ___.
L'heure estimée de démarrage est entre ___ et ___ .
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.09 -
Authentium 4.93.8 2008.05.10 -
Avast 4.8.1169.0 2008.05.10 -
AVG 7.5.0.516 2008.05.10 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.10 -
ClamAV 0.92.1 2008.05.10 -
DrWeb 4.44.0.09170 2008.05.10 -
eSafe 7.0.15.0 2008.05.09 -
eTrust-Vet 31.4.5771 2008.05.08 -
Ewido 4.0 2008.05.10 -
F-Prot 4.4.2.54 2008.05.10 -
F-Secure 6.70.13260.0 2008.05.09 -
Fortinet 3.14.0.0 2008.05.10 -
Ikarus T3.1.1.26.0 2008.05.10 -
Kaspersky 7.0.0.125 2008.05.10 -
McAfee 5292 2008.05.10 -
Microsoft 1.3408 2008.05.10 -
NOD32v2 3090 2008.05.09 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.10 -
Prevx1 V2 2008.05.10 -
Rising 20.43.52.00 2008.05.10 -
Sophos 4.29.0 2008.05.10 -
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.10 -
TheHacker 6.2.92.305 2008.05.08 -
VBA32 3.12.6.5 2008.05.10 -
VirusBuster 4.3.26:9 2008.05.09 -
Webwasher-Gateway 6.6.2 2008.05.09 -
Information additionnelle
File size: 204908 bytes
MD5...: 37728f6db0a8d31b0a1c49a7228e1d34
SHA1..: 11acbe552bdfb9475dd61b78e81b581460a4490f
SHA256: 6f545df31523e41ca90c4277b544be7a132d0ccaafb5f621916e7fc4083d47a9
SHA512: 84b2399e683b5c03d566046c3dee897745ab358145a713b337548ab9f909137f
d9fb7c2f3d4413471a5698fa9830d78d68abbc673183eedbb51e3af64f58885d
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4127c6
timedatestamp.....: 0x4663e046 (Mon Jun 04 09:49:58 2007)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20595 0x21000 5.67 b1bc97f303f1ac785c28d8f3adaca277
.rdata 0x22000 0x23a4 0x3000 2.91 c60d73810e360d931e31ec026c2b4da6
.data 0x25000 0x9e11 0x8000 2.82 94090f2b638668f7660c6803b95913bd
.idata 0x2f000 0x122d 0x2000 2.98 475a23ddfc32cb1741af1bb8a533ab33
.rsrc 0x31000 0xe60 0x1000 1.99 e095ce7270b314a0917b6866b5d567dd
.reloc 0x32000 0x1de4 0x2000 5.84 27d71ab2310197e4591060eb2bb29a63

( 6 imports )
> KERNEL32.dll: InterlockedDecrement, GetModuleFileNameW, GetModuleFileNameA, GetPrivateProfileStringA, ResumeThread, CreateThread, SystemTimeToFileTime, GetSystemTime, FindClose, FindNextFileW, CompareFileTime, GetLastError, FindFirstFileW, GetPrivateProfileStringW, EnterCriticalSection, OutputDebugStringA, InitializeCriticalSection, FreeLibrary, CreateDirectoryW, LoadLibraryW, DeleteCriticalSection, LeaveCriticalSection, SetEndOfFile, SetConsoleCtrlHandler, LoadLibraryA, CreateFileW, GetStringTypeW, InterlockedIncrement, CreateFileA, ReadFile, SetStdHandle, SetEnvironmentVariableA, GetOEMCP, GetACP, CompareStringW, CompareStringA, GetCPInfo, LCMapStringW, LCMapStringA, SetFilePointer, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, GetFileAttributesW, MultiByteToWideChar, lstrlenW, OutputDebugStringW, WideCharToMultiByte, Process32NextW, LoadLibraryExW, GetProcAddress, Sleep, FreeEnvironmentStringsA, UnhandledExceptionFilter, WriteFile, FlushFileBuffers, HeapSize, IsBadWritePtr, CreateToolhelp32Snapshot, Process32FirstW, CloseHandle, GetStringTypeA, RtlUnwind, HeapAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, DeleteFileA, GetTimeZoneInformation, GetLocalTime, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, HeapFree, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, RaiseException
> USER32.dll: EndDialog, BeginPaint, GetClientRect, DrawTextW, PostQuitMessage, DefWindowProcW, DialogBoxParamW, ShowWindow, UpdateWindow, EndPaint, LoadCursorW, RegisterClassExW, LoadStringW, LoadAcceleratorsW, GetMessageW, TranslateAcceleratorW, TranslateMessage, DispatchMessageW, wvsprintfW, wvsprintfA, wsprintfW, CreateWindowExW, GetDesktopWindow, IsWindow, DestroyWindow, LoadIconW
> ADVAPI32.dll: RegSetValueExA, RegQueryValueExW, RegOpenKeyExW, RegOpenKeyA, RegDeleteKeyW, RegQueryValueExA, RegCreateKeyA, RegCloseKey
> SHELL32.dll: SHGetFolderPathW
> OLEAUT32.dll: -, -, -
> ATL.DLL: -, -, -

( 0 exports )

re,

Il y avait pas mal de trojans que j'ai supprimé mais le pb est tjs le même : De plus spybot, que j'ai installé avant de vous contacter me demande si je dois autoriser ou non des modifications de registre. Que doi-je répondre ?
Merci d'avance en tout cas.


Malwarebytes' Anti-Malware 1.12
Version de la base de données: 737

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 150121
Temps écoulé: 25 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 23

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Users\Corinne\AppData\Local\Temp\iIBsrOGv.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e8569adf (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMeb65a943 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Corinne\AppData\Local\Temp\khfDwwuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\iIBsrOGv.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Corinne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EO18S6UR\kriv[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\ollowcxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp00007fb9 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp00008323 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp00008361 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp00008aa2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp00009eed (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp0000c4a5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp0000d9f9 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp0000da28 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp0000ee25 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp0000f778 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp0000ff83 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp000103a8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp00014ae4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp0001f44c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\tmp0006ad6e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\urqnKAqO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\yayWNeEW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Corinne\AppData\Local\Temp\pfcflmsp.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Corinne\AppData\Local\Temp\sksrovlp.dll (Trojan.Agent) -> Delete on reboot.

Ca a l'air d'aller mieux mais j'ai un message d'erreur au démarrage de rundll. Est-ce grave ?

Merci pour votre efficacité en tout cas. Je ne m'en serais jamais débarassé toute seule !

Oui :

Erreur de chargement de
C:\Users\Corinne\AppData\Local\Temp\sksrovlp.dll


Erreur de chargemet de
C:\Users\Corinne\AppData\Local\Temp\iIBsrOGv.dll

Ainsi que des messages de Spybot concernant une autorisation de modification de registre provenant du logiciel Malwarebytes.

Mais à part ça, le problème a l'air d'être résolu ;-)

Merci d'avance

re,

Cette fois la modification du registre est pour skytel, j'ai refusé, trop peur que ce soit encore un virus...

Voici le rapport.

Merci d'avance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:48, on 10/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Corinne\AppData\Local\Temp\iIBsrOGv.dll,c
O4 - HKCU\..\Run: [BMeb65a943] Rundll32.exe "C:\Users\Corinne\AppData\Local\Temp\sksrovlp.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Non, à part qqs détails mais par rapport à ce que c'était !

En tout cas merci mille fois.

Super forum !