TR/Monder.45056.17 .... how to remove it
Solved/Closed
Tsume - 22 May 2008 at 08:36
Last reply: Yalba - 18 June 2008 at 16:24
5 replies
Hi!
Can't you go to the file's location and delete it yourself?
If it gives you a message saying "cannot delete it, stop all resources that may be using this program", press Ctrl+Alt+Del, go to the Task Manager, go to the processes and stop them all without exception! (except the antivirus)
Then try again to delete it manually or with the antivirus.
I don't know if it will work, I've never had this problem, but it costs nothing to try!
Tsume - 23 May 2008 at 11:13
Here is the report:
Avira AntiVir Personal
Report file date: jeudi 22 mai 2008 08:13
Scanning for 1282061 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: EZ3KIEL-C4585D4
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 25/04/2008 13:35:16
AVSCAN.DLL : 8.1.1.0 53505 Bytes 25/04/2008 13:35:16
LUKE.DLL : 8.1.2.9 151809 Bytes 25/04/2008 13:35:16
LUKERES.DLL : 8.1.2.1 12033 Bytes 25/04/2008 13:35:16
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:36:52
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 23:06:53
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 14:09:02
ANTIVIR3.VDF : 7.0.4.75 101376 Bytes 21/05/2008 14:05:04
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/04/2008 13:35:17
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 16/05/2008 14:07:10
AESCN.DLL : 8.1.0.18 119156 Bytes 16/05/2008 14:07:09
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 13:35:17
AEPACK.DLL : 8.1.1.5 364918 Bytes 16/05/2008 14:07:08
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 25/04/2008 13:35:17
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 16/05/2008 14:07:06
AEHELP.DLL : 8.1.0.14 115063 Bytes 25/04/2008 13:35:17
AEGEN.DLL : 8.1.0.21 303477 Bytes 16/05/2008 14:06:54
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 14:05:52
AECORE.DLL : 8.1.0.29 168311 Bytes 16/05/2008 14:06:51
AVWINLL.DLL : 1.0.0.7 14593 Bytes 25/04/2008 13:35:16
AVPREF.DLL : 8.0.0.1 25857 Bytes 25/04/2008 13:35:15
AVREP.DLL : 7.0.0.1 155688 Bytes 21/04/2007 14:45:31
AVREG.DLL : 8.0.0.0 30977 Bytes 25/04/2008 13:35:15
AVARKT.DLL : 1.0.0.23 307457 Bytes 25/04/2008 13:35:15
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 25/04/2008 13:35:15
SQLITE3.DLL : 3.3.17.1 339968 Bytes 25/04/2008 13:35:16
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 25/04/2008 13:35:16
NETNT.DLL : 8.0.0.1 7937 Bytes 25/04/2008 13:35:16
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 25/04/2008 13:35:10
RCTEXT.DLL : 8.0.32.0 86273 Bytes 25/04/2008 13:35:10
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:, F:, G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 22 mai 2008 08:13
The scan of running processes will be started
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'QuickTimeInstaller.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'sndvol32.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'WLAN_Service.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WLanCfgG.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WlanUtility.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\cbXRHaby.dll
[DETECTION] Is the Trojan horse TR/Monder.45056.17
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{A88B9574-72FF-4FA5-B07E-DA9D764A1277}\RP775\A0266415.exe
[0] Archive type: RAR SFX (self extracting)
--> crack.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.iwh
--> serial.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[DETECTION] Contains detection pattern of the dropper DR/Monder.157007
[NOTE] The file was moved to '486749e7.qua'!
C:\System Volume Information\_restore{A88B9574-72FF-4FA5-B07E-DA9D764A1277}\RP775\A0266416.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.iwh
[NOTE] The file was moved to '486749ea.qua'!
C:\System Volume Information\_restore{A88B9574-72FF-4FA5-B07E-DA9D764A1277}\RP775\A0266417.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '486749ec.qua'!
C:\WINDOWS\system32\cbXRHaby.dll
[DETECTION] Is the Trojan horse TR/Monder.45056.17
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\ActiveScan\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[NOTE] The file was moved to '48a0bf83.qua'!
Begin scan in 'E:\'
Begin scan in 'F:\' <Jeux>
Begin scan in 'G:\' <conneries>
End of the scan: jeudi 22 mai 2008 21:57
Used time: 13:43:41 min
The scan has been done completely.
12360 Scanning directories
386831 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
386822 Files not concerned
1655 Archives were scanned
3 Warnings
4 Notes
Does this ring a bell for anyone???
Tsume - 23 May 2008 at 11:23
Here is the HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:57, on 23/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\sndvol32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FA8BE6D5-40E0-48B8-B317-18A4A590918A} - C:\WINDOWS\system32\cbXRHaby.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1161628436\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jiogihirr.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4973/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: cbXRHaby - C:\WINDOWS\SYSTEM32\cbXRHaby.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://farm2.static.flickr.com/1264/583840813_0e8553e2bb_m.jpg
Tsume
24 May 2008 at 17:17
Could someone help me????? It's rather urgent!!!!!
Hello,
Download an Ubuntu ISO and burn it. Then boot from it. Once on the desktop, look for your hard drive in Ubuntu's file explorer.
Then look for the files listed in the scan you ran (see below) and delete them.
C:\System Volume Information\_restore{A88B9574-72FF-4FA5-B07E-DA9D764A1277}\RP775\A0266415.exe
[0] Archive type: RAR SFX (self extracting)
--> crack.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.iwh
--> serial.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[DETECTION] Contains detection pattern of the dropper DR/Monder.157007
[NOTE] The file was moved to '486749e7.qua'!
C:\System Volume Information\_restore{A88B9574-72FF-4FA5-B07E-DA9D764A1277}\RP775\A0266416.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.iwh
[NOTE] The file was moved to '486749ea.qua'!
C:\System Volume Information\_restore{A88B9574-72FF-4FA5-B07E-DA9D764A1277}\RP775\A0266417.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '486749ec.qua'!
C:\WINDOWS\system32\cbXRHaby.dll
[DETECTION] Is the Trojan horse TR/Monder.45056.17
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\ActiveScan\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[NOTE] The file was moved to '48a0bf83.qua'!
Restart your PC and press the F8 key to choose "start in safe mode".
Choose the Administrator user.
Once on the desktop, after acknowledging the "warning: safe mode" message, launch your antivirus and run a full scan to destroy the last viruses or malware.
Then restart Windows and start a normal session. Everything should be clean at that point.
Regards,
yalba
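An added example, not part of yalba's post: a small parser for the Avira report excerpt quoted above that separates files already moved to quarantine from files still on disk, and maps a remaining file to its path as seen from a live session. The mount point `/media/windows` and all function names are assumptions.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

# Excerpt copied from the scan report quoted in the answer above.
REPORT = r"""C:\System Volume Information\_restore{A88B9574-72FF-4FA5-B07E-DA9D764A1277}\RP775\A0266416.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.iwh
[NOTE] The file was moved to '486749ea.qua'!
C:\WINDOWS\system32\cbXRHaby.dll
[DETECTION] Is the Trojan horse TR/Monder.45056.17
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
NAME_RE = re.compile(r"\[DETECTION\].*\s(\S+/\S+)$")
MOVED_RE = re.compile(r"\[NOTE\] The file was moved to '([^']+)'")
ERROR_RE = re.compile(r"\[WARNING\].*not deleted\. ErrorID: (\d+)")


def parse_report(text):
    """Group report lines per scanned file; record detections and outcome."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if PATH_RE.match(line):
            entries.append(dict(path=line, detections=[], quarantine=None, error_id=None))
        elif not entries:
            continue  # header lines before the first file path
        elif m := NAME_RE.match(line):
            entries[-1]["detections"].append(m.group(1))
        elif m := MOVED_RE.match(line):
            entries[-1]["quarantine"] = m.group(1)
        elif m := ERROR_RE.match(line):
            entries[-1]["error_id"] = int(m.group(1))
    return entries


def still_on_disk(entries):
    """Detected files that were never moved to quarantine."""
    return [e for e in entries if e["detections"] and e["quarantine"] is None]


def live_path(windows_path, mount="/media/windows"):
    """Drop the drive anchor and join the rest under the (assumed) mount point."""
    return str(PurePosixPath(mount, *PureWindowsPath(windows_path).parts[1:]))


if __name__ == "__main__":
    for e in still_on_disk(parse_report(REPORT)):
        print(e["detections"], e["error_id"], live_path(e["path"]))
```

On this excerpt the only file left on disk is `cbXRHaby.dll`, the same DLL that the HijackThis log lists under `O20 - Winlogon Notify`.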
23 May 2008 at 11:15
I don't know enough about this to try the experiment.....