Pb Virus nombreux

Résolu
atchoum83440 Messages postés 29 Statut Membre -  
sasukedu91 Messages postés 437 Statut Membre -
Bonjour, a tous

J'ai mon cousin qui ma laissé son ordi
j'ai antivir qui n'arrete pas de trouver des virus
Ces virus sont apparus a la suite du virus qui se balader sur msn photo.zip que j'ai déjà réglé mis ceux là je n'y arrive pas

TR/Zapchast.GB.5
TR/CRYPT.XPACK.GEN
TR/PrivacySet.A
TR/Agent.3648.1
PHISH/FraudTool.DrAntispy.BP

J'ai déà fait un rapport de Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:00, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [48c53323] rundll32.exe "C:\WINDOWS\system32\tpixxjtn.dll",b
O4 - HKLM\..\Run: [BM4bf600bf] Rundll32.exe "C:\WINDOWS\system32\nweiilgq.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.stylist4all.com/IE20020716/save/makeover.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE55A1F-0656-4D25-83DA-F68DB0125369}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8945 bytes

et dans quelque mintues je rajouterai celui d'antivir

Merci de votre Aide

La config dee l'ordi est un XP famillial avec Antivir et Spybot Mozilla et IE 7.0
Configuration: Windows XP
Internet Explorer 7.0

20 réponses

  1. sasukedu91 Messages postés 437 Statut Membre 2
     
    suis le guide http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam et poste ton rapport sa peut durer longtemps mais sa en vaut la peine oublie pas de mettre scan municieux
    0
  2. Utilisateur anonyme
     
    bonjour

    - Télécharge MalwareByte's Anti-Malware :
    - Installe le programme puis lance le stp.
    - Fais les mises à jour (clique sur "Mises à jour" puis "Recherche de mises à jour") puis ferme le programme.
    NB : Si tu as besoin : Tuto

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
    1. sasukedu91 Messages postés 437 Statut Membre 2
       
      merci de la repetition ;{
      0
  3. Utilisateur anonyme
     
    fais ca avec antivir:

    reglages pour antivir :

    une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
    puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
    coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
    puis sur la droite coche les case suivantes :
    scan boot sectors of selected drives
    scan master boot sectors
    scan memory
    search foe rootkit before scan
    decoche :
    ignore off line files
    toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

    aussi clic sur guard puis coche scan archive puis tu decoche les 3 case en dessous puis ok

    puis fais un scan en mode normale et mode sans échec fais un scan et supprime tous se qu'il trouve
    0
  4. atchoum83440 Messages postés 29 Statut Membre
     
    Voila le rapport de Antivir celui de Malwarebytes's arrive dans quelque second

    Avira AntiVir Personal
    Report file date: dimanche 18 mai 2008 16:48

    Scanning for 1276115 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: PINCHAULT

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 24/04/2008 19:40:46
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 24/04/2008 19:40:46
    LUKE.DLL : 8.1.2.9 151809 Bytes 24/04/2008 19:40:46
    LUKERES.DLL : 8.1.2.1 12033 Bytes 24/04/2008 19:40:46
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:08:25
    ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 15:17:11
    ANTIVIR3.VDF : 7.0.4.54 2048 Bytes 17/05/2008 15:17:11
    Engineversion : 8.1.0.46
    AEVDF.DLL : 8.1.0.5 102772 Bytes 24/04/2008 19:40:53
    AESCRIPT.DLL : 8.1.0.33 266618 Bytes 17/05/2008 15:18:22
    AESCN.DLL : 8.1.0.18 119156 Bytes 17/05/2008 15:18:17
    AERDL.DLL : 8.1.0.20 418165 Bytes 27/04/2008 17:31:15
    AEPACK.DLL : 8.1.1.5 364918 Bytes 17/05/2008 15:18:12
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 24/04/2008 19:40:53
    AEHEUR.DLL : 8.1.0.29 1253750 Bytes 17/05/2008 15:18:00
    AEHELP.DLL : 8.1.0.14 115063 Bytes 24/04/2008 19:40:53
    AEGEN.DLL : 8.1.0.21 303477 Bytes 17/05/2008 15:17:25
    AEEMU.DLL : 8.1.0.6 430451 Bytes 07/05/2008 17:09:28
    AECORE.DLL : 8.1.0.29 168311 Bytes 17/05/2008 15:17:16
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 24/04/2008 19:40:46
    AVPREF.DLL : 8.0.0.1 25857 Bytes 24/04/2008 19:40:46
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVREG.DLL : 8.0.0.0 30977 Bytes 24/04/2008 19:40:46
    AVARKT.DLL : 1.0.0.23 307457 Bytes 24/04/2008 19:40:46
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 24/04/2008 19:40:46
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 24/04/2008 19:40:46
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 24/04/2008 19:40:46
    NETNT.DLL : 8.0.0.1 7937 Bytes 24/04/2008 19:40:46
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 24/04/2008 19:40:42
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 24/04/2008 19:40:42

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high

    Start of the scan: dimanche 18 mai 2008 16:48

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
    Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'MsgPlus.exe' - '1' Module(s) have been scanned
    Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
    Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'hpztsb07.exe' - '1' Module(s) have been scanned
    Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
    Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    41 processes with 41 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '40' files ).

    Starting the file scan:

    Begin scan in 'C:\' <ACER>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\BOB FAMILY\gbo.MSNFix
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '489f42c3.qua'!
    C:\Documents and Settings\BOB FAMILY\Local Settings\Temporary Internet Files\Content.IE5\5MDDFSKO\yaypalassamosvala[1]
    [DETECTION] Is the Trojan horse TR/PrivacySet.A
    [NOTE] The file was moved to '48a943f4.qua'!
    C:\Documents and Settings\BOB FAMILY\Local Settings\Temporary Internet Files\Content.IE5\W1WM4872\moorate[1]
    [DETECTION] Is the Trojan horse TR/Agent.3648.1
    [NOTE] The file was moved to '489f4491.qua'!
    C:\Program Files\MalwareAlarm\pv.exe
    [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.DrAntispy.BP
    [NOTE] The file was moved to '485e47ff.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP406\A0054666.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '486049aa.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP406\A0054689.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '486049ab.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP406\A0054691.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.gze Backdoor server programs
    [NOTE] The file was moved to '49cbd224.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP406\A0054699.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '486049ad.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054989.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '486049c2.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054990.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '49cbd24b.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054991.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '486049c4.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054992.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '486049c3.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054993.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '49cbd24c.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054994.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '486049c5.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055000.dll
    [DETECTION] Is the Trojan horse TR/Agent.3648.1
    [NOTE] The file was moved to '49cbd24d.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055001.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '486049c6.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055002.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '49cbd24f.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055003.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '49cbd24e.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055004.dll
    [DETECTION] Is the Trojan horse TR/Vundo.GH
    [NOTE] The file was moved to '486049c7.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055005.dll
    [DETECTION] Is the Trojan horse TR/Agent.3648.1
    [NOTE] The file was moved to '486049d8.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055006.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '49cbd251.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055007.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '486049da.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055959.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '49cbd240.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055960.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '486049c9.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP410\A0058240.dll
    [DETECTION] Is the Trojan horse TR/PCK.Monder.104448
    [NOTE] The file was moved to '486049dd.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP411\A0059242.dll
    [DETECTION] Is the Trojan horse TR/PCK.Monder.96256.1
    [NOTE] The file was moved to '486049e2.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP415\A0059626.dll
    [DETECTION] Is the Trojan horse TR/Monder.106560
    [NOTE] The file was moved to '486049f6.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP415\A0059647.dll
    [DETECTION] Is the Trojan horse TR/Monder.96832
    [NOTE] The file was moved to '486049f7.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP417\A0059890.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48604a06.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP417\A0060866.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48604a07.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP418\A0060914.dll
    [DETECTION] Is the Trojan horse TR/Monder.DJ
    [NOTE] The file was moved to '48604a0d.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP419\A0060958.dll
    [DETECTION] Is the Trojan horse TR/Monder.DO
    [NOTE] The file was moved to '48604a14.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP420\A0061005.dll
    [DETECTION] Is the Trojan horse TR/Monder.EO
    [NOTE] The file was moved to '48604a1b.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP423\A0062098.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '48604a2e.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP423\A0062141.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48604a31.qua'!
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP425\A0062272.exe
    [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.DrAntispy.BP
    [NOTE] The file was moved to '48604a3e.qua'!
    C:\WINDOWS\xpupdate.exe
    [DETECTION] Is the Trojan horse TR/Peed.A.280
    [NOTE] The file was moved to '48a54a9d.qua'!
    C:\WINDOWS\system32\cibvxohs.exe
    [DETECTION] Is the Trojan horse TR/PrivacySet.A
    [NOTE] The file was moved to '48924fdc.qua'!
    C:\WINDOWS\system32\hggdayvw.dll
    [DETECTION] Is the Trojan horse TR/Zapchast.GB.5
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    C:\WINDOWS\system32\hggdedee.dll
    [DETECTION] Is the Trojan horse TR/Vundo.GL.1
    [NOTE] The file was moved to '48975048.qua'!
    C:\WINDOWS\system32\hicekmst.exe
    [DETECTION] Is the Trojan horse TR/PrivacySet.A
    [NOTE] The file was moved to '4893504a.qua'!
    C:\WINDOWS\system32\ihjthgea.exe
    [DETECTION] Is the Trojan horse TR/PrivacySet.A
    [NOTE] The file was moved to '489a504f.qua'!
    C:\WINDOWS\system32\jcbvojjc.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '48925051.qua'!
    C:\WINDOWS\system32\kkwxblkk.exe
    [DETECTION] Is the Trojan horse TR/PrivacySet.A
    [NOTE] The file was moved to '48a75062.qua'!
    C:\WINDOWS\system32\ljdlvddx.dll
    [DETECTION] Is the Trojan horse TR/Agent.3648.1
    [NOTE] The file was moved to '48945067.qua'!
    C:\WINDOWS\system32\mroqhwlg.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '489f5084.qua'!
    C:\WINDOWS\system32\mvwnksil.dll
    [DETECTION] Is the Trojan horse TR/Agent.3648.1
    [NOTE] The file was moved to '48a75095.qua'!
    C:\WINDOWS\system32\mxydnimo.dll
    [DETECTION] Is the Trojan horse TR/PCK.Monder.96320.1
    [NOTE] The file was moved to '48a95097.qua'!
    C:\WINDOWS\system32\ngggnfvi.dll
    [DETECTION] Is the Trojan horse TR/Monder.EO
    [NOTE] The file was moved to '4897508a.qua'!
    C:\WINDOWS\system32\shikspfi.exe
    [DETECTION] Is the Trojan horse TR/PrivacySet.A
    [NOTE] The file was moved to '489950c9.qua'!
    C:\WINDOWS\system32\smeykwkf.exe
    [DETECTION] Is the Trojan horse TR/PrivacySet.A
    [NOTE] The file was moved to '489550d0.qua'!
    Begin scan in 'D:\' <ACERDATA>

    End of the scan: dimanche 18 mai 2008 17:53
    Used time: 1:05:50 min

    The scan has been done completely.

    6173 Scanning directories
    405182 Files were scanned
    51 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    50 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    405131 Files not concerned
    8423 Archives were scanned
    7 Warnings
    50 Notes
    0
    1. sasukedu91 Messages postés 437 Statut Membre 2
       
      supprime moi cette ville de virus!!!!!!!!!!
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. atchoum83440 Messages postés 29 Statut Membre
     
    C'est fait mais il revienne en permanence
    0
  7. Utilisateur anonyme
     
    oui tu supprime tous se qui est dans la quarantaine d'antivir!
    0
  8. atchoum83440 Messages postés 29 Statut Membre
     
    fais aussi même en si général je choisi direct de del
    0
  9. sasukedu91 Messages postés 437 Statut Membre 2
     
    suis le guide http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam et poste ton rapport sa peut durer longtemps mais sa en vaut la peine oublie pas de mettre scan municieux
    0
  10. Utilisateur anonyme
     
    alors le rapport de malwarebytes?
    0
  11. Utilisateur anonyme
     
    autrement fais ca:

    * Télécharger Combifix (by Subs) sur cette page :
    * http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Enregistrez le sur le bureau
    * Déconnectez vous d'internet et fermez toutes tes applications et programmes
    * Double-cliquez sur combo-fix.exe
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée sous la racine: C:\Combofix.txt

    Remarque : combo se charge de supprimer un certain nombre de fichiers infectés liés à bagle.
    Il est impératif de télécharger combo par le lien donné précédemment ( version renommée ) ou alors de renommer vous même combo ( clic droit sur le fichier < renommer ), car sinon Combo sera totalement inefficace face à Bagle !
    (vous pouver renomer combofix en n'importe quoi comme killer ou tuer etc...)

    vous me poster le rapport
    0
    1. sasukedu91 Messages postés 437 Statut Membre 2
       
      sa c'est apres ou pendant mais le plus imortant c malwerbytes
      0
  12. atchoum83440 Messages postés 29 Statut Membre
     
    Voila le rapport de Malwarebytes'

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 762

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 128082
    Temps écoulé: 24 minute(s), 46 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 13
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 37

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\hggdayvw.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{447c8d02-7f35-42f7-8da5-c4d0a8c876b7} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{447c8d02-7f35-42f7-8da5-c4d0a8c876b7} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{5e87b2e0-66d7-4256-a14f-10a21af45b2a} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e87b2e0-66d7-4256-a14f-10a21af45b2a} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5e87b2e0-66d7-4256-a14f-10a21af45b2a} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM4bf600bf (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggdayvw -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggdayvw -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Documents and Settings\BOB FAMILY\Local Settings\Temp\NI.UGA6PV_0001_N122M1202 (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\djjowpdr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rdpwojjd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hggdayvw.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\wvyadggh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvyadggh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nfdgevyr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ryvegdfn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xhwynplu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ulpnywhx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\BOB FAMILY\Local Settings\Temp\prfjtjfa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\BOB FAMILY\Local Settings\Temporary Internet Files\Content.IE5\F2T6F01A\query[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\MalwareAlarm0.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\MalwareAlarm1.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\MalwareAlarm3.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP410\A0058243.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP410\A0058244.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP410\A0058245.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065353.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065386.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065395.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065396.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jxrchprh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\KCMDNIns.exe (Trojan.Inject) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nfqpolie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\scbsicuo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gebyvts.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbxvusq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljjklki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtusrpm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yaywuts.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    Je dois redemarrermon ordi et je re
    0
    1. sasukedu91 Messages postés 437 Statut Membre 2
       
      supprime moi tout c'est virus
      0
  13. Utilisateur anonyme
     
    ok reposte moi un log hijackthis
    0
  14. Utilisateur anonyme
     
    il les a supprimer !!

    Quarantined and deleted successfully.

    veut dire il les a mis en quarantaine et il les a supprimer avec succer!!
    0
    1. sasukedu91 Messages postés 437 Statut Membre 2
       
      ok (je l'avai pas vue XD) esque le probleme percsiste
      0
  15. atchoum83440 Messages postés 29 Statut Membre
     
    Voila le rapport de ComboFix

    ComboFix 08-05-15.3 - BOB FAMILY 2008-05-18 18:22:26.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.597 [GMT 2:00]
    Endroit: C:\Documents and Settings\BOB FAMILY\Bureau\killer.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\anilhkbd.ini
    C:\WINDOWS\system32\ckwkregg.dll
    C:\WINDOWS\system32\csxxgkpl.dll
    C:\WINDOWS\system32\esqiusgi.ini
    C:\WINDOWS\system32\ffqnqutq.dll
    C:\WINDOWS\system32\gnihmgfs.ini
    C:\WINDOWS\system32\hakbapet.dll
    C:\WINDOWS\system32\hggdayvw.dll
    C:\WINDOWS\system32\jkxnakak.ini
    C:\WINDOWS\system32\lfdeqcsf.dll
    C:\WINDOWS\system32\mjfvxkhn.dll
    C:\WINDOWS\system32\nfbducjk.ini
    C:\WINDOWS\system32\njwgtmqx.dll
    C:\WINDOWS\system32\nkuybyoc.dll
    C:\WINDOWS\system32\ntjxxipt.ini
    C:\WINDOWS\system32\outeqddk.dll
    C:\WINDOWS\system32\pfbxdvyu.ini
    C:\WINDOWS\system32\prodpxtl.ini
    C:\WINDOWS\system32\qnnncmof.dll
    C:\WINDOWS\system32\qnpblatk.dll
    C:\WINDOWS\system32\qprkjpmr.ini
    C:\WINDOWS\system32\rrqss.ini
    C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\uxhmbpqc.ini
    C:\WINDOWS\system32\vvjyqidt.dll
    C:\WINDOWS\system32\vxkqbjae.dll
    C:\WINDOWS\system32\wexsossi.dll
    C:\WINDOWS\system32\wvyadggh.ini
    C:\WINDOWS\system32\wvyadggh.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-18 17:51 . 2008-05-18 17:52 3,240 --a------ C:\WINDOWS\system32\spupdsvc.inf
    2008-05-18 17:45 . 2008-05-18 17:45 <REP> d-------- C:\WINDOWS\system32\fr
    2008-05-18 17:45 . 2008-05-18 17:45 <REP> d-------- C:\WINDOWS\system32\bits
    2008-05-18 17:45 . 2008-05-18 17:45 <REP> d-------- C:\WINDOWS\l2schemas
    2008-05-18 17:42 . 2008-05-18 17:46 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-05-18 17:25 . 2008-05-18 17:25 <REP> d-------- C:\Documents and Settings\BOB FAMILY\Application Data\Malwarebytes
    2008-05-18 17:24 . 2008-05-18 17:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-18 17:24 . 2008-05-18 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-18 17:24 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-18 17:24 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-18 17:04 . 2008-05-18 17:04 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-18 16:51 . 2008-05-18 16:51 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-05-18 16:50 . 2008-05-18 16:50 <REP> d-------- C:\Program Files\Hercules
    2008-05-18 16:50 . 2006-03-09 11:33 366,080 --a------ C:\WINDOWS\system32\drivers\rt61.sys
    2008-05-18 16:50 . 2006-03-09 11:33 365,440 --a------ C:\WINDOWS\system32\drivers\RT619x.sys
    2008-05-18 16:50 . 2006-01-12 19:47 255,616 --a------ C:\WINDOWS\system32\drivers\rt73u98.sys
    2008-05-18 16:50 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\drivers\rt73.sys
    2008-05-18 16:50 . 2005-10-17 19:50 247,808 --a------ C:\WINDOWS\system32\drivers\rt25u98.sys
    2008-05-18 16:50 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys
    2008-05-18 16:50 . 2005-10-20 15:00 244,608 --a------ C:\WINDOWS\system32\drivers\rt25009x.sys
    2008-05-18 16:50 . 2005-10-20 15:00 243,328 --a------ C:\WINDOWS\system32\drivers\rt2500.sys
    2008-05-18 16:49 . 2008-05-18 16:49 <REP> d-------- C:\Documents and Settings\BOB FAMILY\Application Data\InstallShield
    2008-05-06 19:46 . 2008-04-14 04:33 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
    2008-05-06 19:45 . 2008-04-14 04:33 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
    2008-05-01 19:11 . 2008-05-01 19:11 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
    2008-04-27 19:32 . 2008-04-27 19:32 0 --a------ C:\WINDOWS\BM4bf600bf.xml

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-18 14:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-14 14:05 --------- d-----w C:\Program Files\Avira
    2008-04-14 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-14 14:00 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-04-14 13:41 --------- d-----w C:\Program Files\PowerArchiver
    2008-04-14 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ConeXware
    2008-04-14 02:34 70,656 ----a-w C:\WINDOWS\notepad.exe
    2008-04-14 02:34 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
    2008-04-14 02:34 32,866 ------w C:\WINDOWS\slrundll.exe
    2008-04-14 02:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe
    2008-04-14 02:34 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
    2008-04-14 02:34 153,088 ----a-w C:\WINDOWS\regedit.exe
    2008-04-14 02:34 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
    2008-04-14 02:34 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
    2008-04-14 02:34 10,752 ----a-w C:\WINDOWS\hh.exe
    2008-04-14 02:34 1,037,824 ----a-w C:\WINDOWS\explorer.exe
    2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
    2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
    2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
    2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
    2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
    2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
    2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
    2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
    2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
    2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
    2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
    2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
    2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys
    2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
    2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
    2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
    2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
    2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
    2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
    2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
    2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
    2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
    2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
    2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
    2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
    2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
    2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
    2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
    2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
    2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
    2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
    2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
    2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
    2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
    2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
    2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
    2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
    2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
    2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
    2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
    2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
    2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
    2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
    2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
    2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
    2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
    2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
    2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
    2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
    2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
    2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
    2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
    2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
    2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
    2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
    2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
    2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
    2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
    2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
    2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
    2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
    2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
    2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
    2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
    2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
    2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
    2008-04-13 18:39 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys
    2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-11-15 22:02 190024]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 20:52 68856]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 00:19 7626752]
    "ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 22:00 208952]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 22:00 44032]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 22:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 22:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 22:00 455168]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 00:19 86016]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 06:30 188416]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-11-15 22:02 190024]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-24 21:40 262401]
    "48c53323"="C:\WINDOWS\system32\tpixxjtn.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsqrp]
    awtsqrp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuuuuv]
    byxuuuuv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgfeb]
    iifgfeb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "vidc.yv12"= yv12vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.imc"= imc32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_SZ msv1_0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\48c53323]
    C:\WINDOWS\system32\igsuiqse.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2005-05-03 04:43 69632 C:\WINDOWS\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM4bf600bf]
    C:\WINDOWS\system32\pxydeilr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-14 04:34 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-09 18:53 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-07-12 00:19 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-06-01 02:48 16208384 C:\WINDOWS\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    --a------ 2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
    C:\Windows\xpupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7561:TCP"= 7561:TCP:emule tcp
    "7571:UDP"= 7571:UDP:emule udp

    R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
    R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
    S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys []
    S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys []
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - EHRECVR
    *Newly Created Service* - EHSCHED
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-05-16 15:18:07 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-18 18:27:49
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    C:\WINDOWS\system32\spupdwxp.log 90 bytes

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 1

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehmsas.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-18 18:33:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-18 16:33:01

    Pre-Run: 102,861,774,848 octets libres
    Post-Run: 102,836,424,704 octets libres

    317 --- E O F --- 2008-05-16 17:05:56

    Je relance antivir
    0
    1. sasukedu91 Messages postés 437 Statut Membre 2
       
      oui relance antivir
      0
  16. Utilisateur anonyme
     
    oui tu relance antivir

    d'après combofix il a supprimer beaucoup de chose!!
    tu peut me remettre un log hijackthis stp
    0
    1. sasukedu91 Messages postés 437 Statut Membre 2
       
      ouai
      0
      1. atchoum83440 Messages postés 29 Statut Membre > sasukedu91 Messages postés 437 Statut Membre
         
        Re a tout le monde
        jai eu quelque souci hier soir avec internet enfin me revoila donc voici le rapport de antivir




        Avira AntiVir Personal
        Report file date: lundi 19 mai 2008 16:12

        Scanning for 1276115 virus strains and unwanted programs.

        Licensed to: Avira AntiVir PersonalEdition Classic
        Serial number: 0000149996-ADJIE-0001
        Platform: Windows XP
        Windows version: (Service Pack 3) [5.1.2600]
        Boot mode: Normally booted
        Username: SYSTEM
        Computer name: PINCHAULT

        Version information:
        BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
        AVSCAN.EXE : 8.1.2.12 311553 Bytes 24/04/2008 19:40:46
        AVSCAN.DLL : 8.1.1.0 53505 Bytes 24/04/2008 19:40:46
        LUKE.DLL : 8.1.2.9 151809 Bytes 24/04/2008 19:40:46
        LUKERES.DLL : 8.1.2.1 12033 Bytes 24/04/2008 19:40:46
        ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
        ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:08:25
        ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 15:17:11
        ANTIVIR3.VDF : 7.0.4.54 2048 Bytes 17/05/2008 15:17:11
        Engineversion : 8.1.0.46
        AEVDF.DLL : 8.1.0.5 102772 Bytes 24/04/2008 19:40:53
        AESCRIPT.DLL : 8.1.0.33 266618 Bytes 17/05/2008 15:18:22
        AESCN.DLL : 8.1.0.18 119156 Bytes 17/05/2008 15:18:17
        AERDL.DLL : 8.1.0.20 418165 Bytes 27/04/2008 17:31:15
        AEPACK.DLL : 8.1.1.5 364918 Bytes 17/05/2008 15:18:12
        AEOFFICE.DLL : 8.1.0.18 192890 Bytes 24/04/2008 19:40:53
        AEHEUR.DLL : 8.1.0.29 1253750 Bytes 17/05/2008 15:18:00
        AEHELP.DLL : 8.1.0.14 115063 Bytes 24/04/2008 19:40:53
        AEGEN.DLL : 8.1.0.21 303477 Bytes 17/05/2008 15:17:25
        AEEMU.DLL : 8.1.0.6 430451 Bytes 07/05/2008 17:09:28
        AECORE.DLL : 8.1.0.29 168311 Bytes 17/05/2008 15:17:16
        AVWINLL.DLL : 1.0.0.7 14593 Bytes 24/04/2008 19:40:46
        AVPREF.DLL : 8.0.0.1 25857 Bytes 24/04/2008 19:40:46
        AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
        AVREG.DLL : 8.0.0.0 30977 Bytes 24/04/2008 19:40:46
        AVARKT.DLL : 1.0.0.23 307457 Bytes 24/04/2008 19:40:46
        AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 24/04/2008 19:40:46
        SQLITE3.DLL : 3.3.17.1 339968 Bytes 24/04/2008 19:40:46
        SMTPLIB.DLL : 1.2.0.19 28929 Bytes 24/04/2008 19:40:46
        NETNT.DLL : 8.0.0.1 7937 Bytes 24/04/2008 19:40:46
        RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 24/04/2008 19:40:42
        RCTEXT.DLL : 8.0.32.0 86273 Bytes 24/04/2008 19:40:42

        Configuration settings for the scan:
        Jobname..........................: Complete system scan
        Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
        Logging..........................: low
        Primary action...................: interactive
        Secondary action.................: ignore
        Scan master boot sector..........: on
        Scan boot sector.................: on
        Boot sectors.....................: C:, D:,
        Scan memory......................: on
        Process scan.....................: on
        Scan registry....................: on
        Search for rootkits..............: on
        Scan all files...................: All files
        Scan archives....................: on
        Recursion depth..................: 20
        Smart extensions.................: on
        Macro heuristic..................: on
        File heuristic...................: high

        Start of the scan: lundi 19 mai 2008 16:12

        Starting search for hidden objects.
        '66530' objects were checked, '0' hidden objects were found.

        The scan of running processes will be started
        Scan process 'avconfig.exe' - '1' Module(s) have been scanned
        Scan process 'avcenter.exe' - '1' Module(s) have been scanned
        Scan process 'avscan.exe' - '1' Module(s) have been scanned
        Scan process 'iexplore.exe' - '1' Module(s) have been scanned
        Scan process 'dllhost.exe' - '1' Module(s) have been scanned
        Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
        Scan process 'WiFiStation.exe' - '1' Module(s) have been scanned
        Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
        Scan process 'alg.exe' - '1' Module(s) have been scanned
        Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned
        Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
        Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
        Scan process 'avgnt.exe' - '1' Module(s) have been scanned
        Scan process 'MsgPlus.exe' - '1' Module(s) have been scanned
        Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
        Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
        Scan process 'hpztsb07.exe' - '1' Module(s) have been scanned
        Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
        Scan process 'ehtray.exe' - '1' Module(s) have been scanned
        Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
        Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
        Scan process 'ehSched.exe' - '1' Module(s) have been scanned
        Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
        Scan process 'sched.exe' - '1' Module(s) have been scanned
        Scan process 'explorer.exe' - '1' Module(s) have been scanned
        Scan process 'avguard.exe' - '1' Module(s) have been scanned
        Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'lsass.exe' - '1' Module(s) have been scanned
        Scan process 'services.exe' - '1' Module(s) have been scanned
        Scan process 'winlogon.exe' - '1' Module(s) have been scanned
        Scan process 'csrss.exe' - '1' Module(s) have been scanned
        Scan process 'smss.exe' - '1' Module(s) have been scanned
        40 processes with 40 modules were scanned

        Starting master boot sector scan:
        Master boot sector HD0
        [INFO] No virus was found!
        Master boot sector HD1
        [INFO] No virus was found!
        [WARNING] Le périphérique n'est pas prêt.
        Master boot sector HD2
        [INFO] No virus was found!
        [WARNING] Le périphérique n'est pas prêt.
        Master boot sector HD3
        [INFO] No virus was found!
        [WARNING] Le périphérique n'est pas prêt.
        Master boot sector HD4
        [INFO] No virus was found!
        [WARNING] Le périphérique n'est pas prêt.

        Start scanning boot sectors:
        Boot sector 'C:\'
        [INFO] No virus was found!
        Boot sector 'D:\'
        [INFO] No virus was found!

        Starting to scan the registry.
        The registry was scanned ( '42' files ).


        Starting the file scan:

        Begin scan in 'C:\' <ACER>
        C:\hiberfil.sys
        [WARNING] The file could not be opened!
        C:\pagefile.sys
        [WARNING] The file could not be opened!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0062424.exe
        [DETECTION] Is the Trojan horse TR/Peed.A.280
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065284.exe
        [DETECTION] Is the Trojan horse TR/PrivacySet.A
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065315.dll
        [DETECTION] Is the Trojan horse TR/Vundo.GL.1
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065316.exe
        [DETECTION] Is the Trojan horse TR/PrivacySet.A
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065317.exe
        [DETECTION] Is the Trojan horse TR/PrivacySet.A
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065328.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065344.exe
        [DETECTION] Is the Trojan horse TR/PrivacySet.A
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065399.dll
        [DETECTION] Is the Trojan horse TR/Monder.EO
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065422.exe
        [DETECTION] Is the Trojan horse TR/PrivacySet.A
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065423.exe
        [DETECTION] Is the Trojan horse TR/PrivacySet.A
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065447.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065449.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065451.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065455.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065456.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065457.exe
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065458.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065459.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065461.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065462.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065463.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065464.exe
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065465.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065466.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065467.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065468.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065469.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP427\A0065507.dll
        [DETECTION] Is the Trojan horse TR/Trash.Gen
        [NOTE] The file was deleted!
        C:\WINDOWS\system32\drivers\atapi.sys
        [WARNING] The file could not be opened!
        Begin scan in 'D:\' <ACERDATA>


        End of the scan: lundi 19 mai 2008 16:59
        Used time: 46:44 min

        The scan has been done completely.

        6108 Scanning directories
        416613 Files were scanned
        28 viruses and/or unwanted programs were found
        0 Files were classified as suspicious:
        28 files were deleted
        0 files were repaired
        0 files were moved to quarantine
        0 files were renamed
        3 Files cannot be scanned
        416585 Files not concerned
        8490 Archives were scanned
        7 Warnings
        28 Notes
        66530 Objects were scanned with rootkit scan
        0 Hidden objects were found



        et celui de HijackThis




        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 17:16:35, on 19/05/2008
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\ehome\ehtray.exe
        C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        C:\WINDOWS\system32\LVCOMSX.EXE
        C:\Program Files\Logitech\Video\LogiTray.exe
        C:\Program Files\MessengerPlus! 3\MsgPlus.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
        C:\WINDOWS\eHome\ehmsas.exe
        C:\Program Files\Hercules\WiFi Station\WifiStation.exe
        C:\Program Files\Logitech\Video\FxSvr2.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
        O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
        O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
        O4 - HKLM\..\Run: [48c53323] rundll32.exe "C:\WINDOWS\system32\tpixxjtn.dll",b
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
        O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
        O4 - Global Startup: WiFi Station.lnk = ?
        O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.stylist4all.com/IE20020716/save/makeover.cab
        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE55A1F-0656-4D25-83DA-F68DB0125369}: NameServer = 192.168.1.1
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O20 - Winlogon Notify: awtsqrp - awtsqrp.dll (file missing)
        O20 - Winlogon Notify: byxuuuuv - byxuuuuv.dll (file missing)
        O20 - Winlogon Notify: iifgfeb - iifgfeb.dll (file missing)
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        0
  17. Utilisateur anonyme
     
    coche la case :

    O4 - HKLM\..\Run: [48c53323] rundll32.exe "C:\WINDOWS\system32\tpixxjtn.dll",b

    et clic sur fixcheked
    0
    1. atchoum83440 Messages postés 29 Statut Membre
       
      voila et le nouvo rapport du coup


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:26:08, on 19/05/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\MessengerPlus! 3\MsgPlus.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Hercules\WiFi Station\WifiStation.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
      O4 - Global Startup: WiFi Station.lnk = ?
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.stylist4all.com/IE20020716/save/makeover.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE55A1F-0656-4D25-83DA-F68DB0125369}: NameServer = 192.168.1.1
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O20 - Winlogon Notify: awtsqrp - awtsqrp.dll (file missing)
      O20 - Winlogon Notify: byxuuuuv - byxuuuuv.dll (file missing)
      O20 - Winlogon Notify: iifgfeb - iifgfeb.dll (file missing)
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      0
  18. atchoum83440 Messages postés 29 Statut Membre
     
    et voici le dernier rapport de Malwarebyte's

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 767

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 122857
    Temps écoulé: 54 minute(s), 3 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  19. Utilisateur anonyme
     
    tous est clean
    0
    1. sasukedu91 Messages postés 437 Statut Membre 2
       
      ouai
      0