Victime de Antivirus xp 2008 de l'aide svp
Résolu/Fermé
DeeAmo
-
12 juil. 2008 à 22:44
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 - 14 juil. 2008 à 22:32
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 - 14 juil. 2008 à 22:32
A voir également:
- Victime de Antivirus xp 2008 de l'aide svp
- Cle windows xp - Guide
- Comodo antivirus - Télécharger - Sécurité
- Telecharger windows xp - Télécharger - Systèmes d'exploitation
- Panda antivirus - Télécharger - Antivirus & Antimalwares
- Desactiver antivirus windows 10 - Guide
21 réponses
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
14 juil. 2008 à 12:00
14 juil. 2008 à 12:00
Option 2 - Nettoyage :
Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage).
Double cliquer sur smitfraudfix
Sélectionner 2 pour supprimer les fichiers responsables de l'infection.
A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.
Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
Redémarrer en mode normal et poster le rapport.
ensuite refais une analyse complete avec malwarebytes stp et poste son rapport
Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage).
Double cliquer sur smitfraudfix
Sélectionner 2 pour supprimer les fichiers responsables de l'infection.
A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.
Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
Redémarrer en mode normal et poster le rapport.
ensuite refais une analyse complete avec malwarebytes stp et poste son rapport
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
12 juil. 2008 à 22:45
12 juil. 2008 à 22:45
Salut !!
pour commencer :
Option 1 - Recherche :
télécharger smitfraudfix : http://telechargement.zebulon.fr/smitfraudfix.html
Dézipper la totalité de l'archive smitfraudfix.zip.
Double cliquer sur smitfraudfix.cmd
Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.
copier/coller le rapport dans la réponse.
pour commencer :
Option 1 - Recherche :
télécharger smitfraudfix : http://telechargement.zebulon.fr/smitfraudfix.html
Dézipper la totalité de l'archive smitfraudfix.zip.
Double cliquer sur smitfraudfix.cmd
Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.
copier/coller le rapport dans la réponse.
Je te remercie pou ta réponse rapide voilà le rapport :
SmitFraudFix v2.329
Rapport fait à 12:34:50,13, 13/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\pphcngtj0eedt.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\yvevqxgl.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Julien\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.329
Rapport fait à 12:34:50,13, 13/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\pphcngtj0eedt.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\yvevqxgl.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Julien\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
13 juil. 2008 à 12:44
13 juil. 2008 à 12:44
ok maintenant fais tout ce qui suit :
Option 2 - Nettoyage :
Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage).
Double cliquer sur smitfraudfix.cmd
Sélectionner 2 pour supprimer les fichiers responsables de l'infection.
A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.
Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
Redémarrer en mode normal et poster le rapport.
ensuite :
Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread
= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection
un rapport s'ouvre le copier et le coller dans la réponse
Puis redémarrer le pc !!
ensuite :
Télécharge sur le bureau virtumundobegone :
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
déconnecte internet et désactive ton antivirus le temps de la manipulation
=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
- Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau
Et refais un nouveau rapport hijackthis stp
Option 2 - Nettoyage :
Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage).
Double cliquer sur smitfraudfix.cmd
Sélectionner 2 pour supprimer les fichiers responsables de l'infection.
A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.
Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
Redémarrer en mode normal et poster le rapport.
ensuite :
Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread
= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection
un rapport s'ouvre le copier et le coller dans la réponse
Puis redémarrer le pc !!
ensuite :
Télécharge sur le bureau virtumundobegone :
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
déconnecte internet et désactive ton antivirus le temps de la manipulation
=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
- Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau
Et refais un nouveau rapport hijackthis stp
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
j'ai terminé la première étape voilà le rapport par contre le fix na pas déterminer si le fichier wininet.dll est infecté je recommence ou passe a la suite?
SmitFraudFix v2.329
Rapport fait à 13:19:12,17, 13/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.329
Rapport fait à 13:19:12,17, 13/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
13 juil. 2008 à 13:36
13 juil. 2008 à 13:36
non c est bon, tu peux faire la suite
Voilà les 3 rapports dans l'ordre
Malware :
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 942
Windows 5.1.2600 Service Pack 2
14:05:34 13/07/2008
mbam-log-7-13-2008 (14-05-34).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 108720
Temps écoulé: 27 minute(s), 6 second(s)
Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 9
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 42
Processus mémoire infecté(s):
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\lphcngtj0eedt.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\pphcngtj0eedt.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mlJASJyA.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jkkJAQjK.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mbkfbbio.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mlJATMgf.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\qoMcawxw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\rhcjgtj0eedt\MFC71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhcjgtj0eedt\msvcp71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhcjgtj0eedt\msvcr71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\WINDOWS\system32\blphcngtj0eedt.scr (Trojan.FakeAlert) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3033e73-7fd3-4afc-bed9-e11d30ea7571} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3033e73-7fd3-4afc-bed9-e11d30ea7571} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccb0e4c2-2dd5-4a5b-86a8-b8a3c8d8b05c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ccb0e4c2-2dd5-4a5b-86a8-b8a3c8d8b05c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fac1fd87-d9b0-4947-9c8b-3c9e081885db} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fac1fd87-d9b0-4947-9c8b-3c9e081885db} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bc728c13-5691-4529-a1c2-e662a9ad1c87} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc728c13-5691-4529-a1c2-e662a9ad1c87} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomcawxw (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\78d779a5 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bc728c13-5691-4529-a1c2-e662a9ad1c87} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm7be44a39 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcngtj0eedt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\mlJATMgf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fgMTAJlm.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fgMTAJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJASJyA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\AyJSAJlm.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\AyJSAJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJAQjK.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\KjQAJkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KjQAJkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mbkfbbio.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\oibbfkbm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMcawxw.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (Trojan.Pakes) -> Delete on reboot.
C:\Program Files\rhcjgtj0eedt\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014212.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014213.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014214.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014215.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP37\A0014374.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oydbkgcv.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\BM7be44a39.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM7be44a39.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcngtj0eedt.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcngtj0eedt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcngtj0eedt.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcngtj0eedt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Le 2nd VBG:
[07/13/2008, 14:18:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julien\Bureau\VirtumundoBeGone.exe" )
[07/13/2008, 14:18:45] - Detected System Information:
[07/13/2008, 14:18:45] - Windows Version: 5.1.2600, Service Pack 2
[07/13/2008, 14:18:46] - Current Username: Julien (Admin)
[07/13/2008, 14:18:46] - Windows is in NORMAL mode.
[07/13/2008, 14:18:46] - Searching for Browser Helper Objects:
[07/13/2008, 14:18:46] - BHO 1: {1aa87772-d4b9-4df0-bbb2-a7587d8ef94c} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\hcsion
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\hcsion, continuing.
[07/13/2008, 14:18:46] - BHO 2: {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\3077ahntdksr[1]
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\3077ahntdksr[1], continuing.
[07/13/2008, 14:18:46] - BHO 3: {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\cqelarhn
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\cqelarhn, continuing.
[07/13/2008, 14:18:46] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/13/2008, 14:18:46] - BHO 5: {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\mlJASJyA
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\mlJASJyA, continuing.
[07/13/2008, 14:18:46] - Finished Searching Browser Helper Objects
[07/13/2008, 14:18:46] - Finishing up...
[07/13/2008, 14:18:46] - Nothing found! Exiting...
et le rapport hijackthis je precise au passage que jai tjrs le le fond decran bleu du "virus"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:52, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\pphcngtj0eedt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\faditkne.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\test.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: {c49fe8d7-857a-2bbb-0fd4-9b4d27778aa1} - {1aa87772-d4b9-4df0-bbb2-a7587d8ef94c} - C:\WINDOWS\system32\hcsion.dll
O2 - BHO: (no name) - {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} - C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} - C:\WINDOWS\system32\cqelarhn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} - C:\WINDOWS\system32\mlJASJyA.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mswinlogon] C:\Winnt\mswinlogon.exe
O4 - HKLM\..\Run: [SMrhcjgtj0eedt] C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
O4 - HKLM\..\Run: [lphcngtj0eedt] C:\WINDOWS\system32\lphcngtj0eedt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [77oQHDZ5lf] C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] gpedits.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: setcom - {752BCA1B-42D5-8288-E6FD-050FFE506C88} - C:\Program Files\qbfhvwc\setcom.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Malware :
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 942
Windows 5.1.2600 Service Pack 2
14:05:34 13/07/2008
mbam-log-7-13-2008 (14-05-34).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 108720
Temps écoulé: 27 minute(s), 6 second(s)
Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 9
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 42
Processus mémoire infecté(s):
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\lphcngtj0eedt.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\pphcngtj0eedt.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mlJASJyA.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jkkJAQjK.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mbkfbbio.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mlJATMgf.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\qoMcawxw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\rhcjgtj0eedt\MFC71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhcjgtj0eedt\msvcp71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhcjgtj0eedt\msvcr71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\WINDOWS\system32\blphcngtj0eedt.scr (Trojan.FakeAlert) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3033e73-7fd3-4afc-bed9-e11d30ea7571} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3033e73-7fd3-4afc-bed9-e11d30ea7571} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccb0e4c2-2dd5-4a5b-86a8-b8a3c8d8b05c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ccb0e4c2-2dd5-4a5b-86a8-b8a3c8d8b05c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fac1fd87-d9b0-4947-9c8b-3c9e081885db} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fac1fd87-d9b0-4947-9c8b-3c9e081885db} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bc728c13-5691-4529-a1c2-e662a9ad1c87} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc728c13-5691-4529-a1c2-e662a9ad1c87} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomcawxw (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\78d779a5 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bc728c13-5691-4529-a1c2-e662a9ad1c87} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm7be44a39 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcngtj0eedt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\mlJATMgf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fgMTAJlm.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fgMTAJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJASJyA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\AyJSAJlm.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\AyJSAJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJAQjK.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\KjQAJkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KjQAJkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mbkfbbio.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\oibbfkbm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMcawxw.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (Trojan.Pakes) -> Delete on reboot.
C:\Program Files\rhcjgtj0eedt\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014212.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014213.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014214.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014215.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP36\A0014218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06A56A75-B8CC-4970-8957-801641269115}\RP37\A0014374.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oydbkgcv.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\BM7be44a39.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM7be44a39.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcngtj0eedt.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcngtj0eedt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcngtj0eedt.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcngtj0eedt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Le 2nd VBG:
[07/13/2008, 14:18:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julien\Bureau\VirtumundoBeGone.exe" )
[07/13/2008, 14:18:45] - Detected System Information:
[07/13/2008, 14:18:45] - Windows Version: 5.1.2600, Service Pack 2
[07/13/2008, 14:18:46] - Current Username: Julien (Admin)
[07/13/2008, 14:18:46] - Windows is in NORMAL mode.
[07/13/2008, 14:18:46] - Searching for Browser Helper Objects:
[07/13/2008, 14:18:46] - BHO 1: {1aa87772-d4b9-4df0-bbb2-a7587d8ef94c} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\hcsion
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\hcsion, continuing.
[07/13/2008, 14:18:46] - BHO 2: {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\3077ahntdksr[1]
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\3077ahntdksr[1], continuing.
[07/13/2008, 14:18:46] - BHO 3: {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\cqelarhn
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\cqelarhn, continuing.
[07/13/2008, 14:18:46] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/13/2008, 14:18:46] - BHO 5: {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} ()
[07/13/2008, 14:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 14:18:46] - Checking for HKLM\...\Winlogon\Notify\mlJASJyA
[07/13/2008, 14:18:46] - Key not found: HKLM\...\Winlogon\Notify\mlJASJyA, continuing.
[07/13/2008, 14:18:46] - Finished Searching Browser Helper Objects
[07/13/2008, 14:18:46] - Finishing up...
[07/13/2008, 14:18:46] - Nothing found! Exiting...
et le rapport hijackthis je precise au passage que jai tjrs le le fond decran bleu du "virus"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:52, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\pphcngtj0eedt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\faditkne.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\test.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: {c49fe8d7-857a-2bbb-0fd4-9b4d27778aa1} - {1aa87772-d4b9-4df0-bbb2-a7587d8ef94c} - C:\WINDOWS\system32\hcsion.dll
O2 - BHO: (no name) - {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} - C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} - C:\WINDOWS\system32\cqelarhn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} - C:\WINDOWS\system32\mlJASJyA.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mswinlogon] C:\Winnt\mswinlogon.exe
O4 - HKLM\..\Run: [SMrhcjgtj0eedt] C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
O4 - HKLM\..\Run: [lphcngtj0eedt] C:\WINDOWS\system32\lphcngtj0eedt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [77oQHDZ5lf] C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] gpedits.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: setcom - {752BCA1B-42D5-8288-E6FD-050FFE506C88} - C:\Program Files\qbfhvwc\setcom.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
13 juil. 2008 à 14:35
13 juil. 2008 à 14:35
as tu bien redémarrer apres malwarebytes ??
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
13 juil. 2008 à 14:45
13 juil. 2008 à 14:45
ok...fais ceci :
télécharge OtMoveIt
Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.
c:\windows\system32\hcsion.dll
c:\documents and settings\all users\application data\nanidcla\vilclizi.exe
clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
ensuite :
Fix.reg
Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisi nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en gras dans la citation ci-dessous (copie tout d'un trait sans les barres(x)) :
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aa87772-d4b9-4df0-bbb2-a7587d8ef94c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1aa87772-d4b9-4df0-bbb2-a7587d8ef94c}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"77oQHDZ5lf"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"WinUpdating"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Printing Driver"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"
ca doit ressembler à ca une fois enregistré :
http://img520.imageshack.us/img520/4251/screenshot005ps2.png
double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"
ensuite refais un nouveau rapport hijackthis stp
télécharge OtMoveIt
Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.
c:\windows\system32\hcsion.dll
c:\documents and settings\all users\application data\nanidcla\vilclizi.exe
clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
ensuite :
Fix.reg
Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisi nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en gras dans la citation ci-dessous (copie tout d'un trait sans les barres(x)) :
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aa87772-d4b9-4df0-bbb2-a7587d8ef94c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1aa87772-d4b9-4df0-bbb2-a7587d8ef94c}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"77oQHDZ5lf"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"WinUpdating"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Printing Driver"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"
ca doit ressembler à ca une fois enregistré :
http://img520.imageshack.us/img520/4251/screenshot005ps2.png
double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"
ensuite refais un nouveau rapport hijackthis stp
voilà le rapport
DllUnregisterServer procedure not found in c:\windows\system32\hcsion.dll
c:\windows\system32\hcsion.dll NOT unregistered.
c:\windows\system32\hcsion.dll moved successfully.
c:\documents and settings\all users\application data\nanidcla\vilclizi.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07132008_144927
et le rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:32, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
C:\WINDOWS\system32\lphcngtj0eedt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\pphcngtj0eedt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\test.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} - C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} - C:\WINDOWS\system32\cqelarhn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} - C:\WINDOWS\system32\mlJASJyA.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mswinlogon] C:\Winnt\mswinlogon.exe
O4 - HKLM\..\Run: [SMrhcjgtj0eedt] C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
O4 - HKLM\..\Run: [lphcngtj0eedt] C:\WINDOWS\system32\lphcngtj0eedt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: setcom - {752BCA1B-42D5-8288-E6FD-050FFE506C88} - C:\Program Files\qbfhvwc\setcom.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
DllUnregisterServer procedure not found in c:\windows\system32\hcsion.dll
c:\windows\system32\hcsion.dll NOT unregistered.
c:\windows\system32\hcsion.dll moved successfully.
c:\documents and settings\all users\application data\nanidcla\vilclizi.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07132008_144927
et le rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:32, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\All Users\Application Data\nanidcla\vilclizi.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
C:\WINDOWS\system32\lphcngtj0eedt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\pphcngtj0eedt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\test.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} - C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} - C:\WINDOWS\system32\cqelarhn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} - C:\WINDOWS\system32\mlJASJyA.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mswinlogon] C:\Winnt\mswinlogon.exe
O4 - HKLM\..\Run: [SMrhcjgtj0eedt] C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
O4 - HKLM\..\Run: [lphcngtj0eedt] C:\WINDOWS\system32\lphcngtj0eedt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: setcom - {752BCA1B-42D5-8288-E6FD-050FFE506C88} - C:\Program Files\qbfhvwc\setcom.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
13 juil. 2008 à 15:09
13 juil. 2008 à 15:09
relance hijackthis en cliquant sur scan only et coches ces lignes stp :
O2 - BHO: (no name) - {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} - C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} - C:\WINDOWS\system32\mlJASJyA.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - Global Startup: BTTray.lnk = ?
O2 - BHO: (no name) - {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} - C:\WINDOWS\system32\cqelarhn.dll
O4 - HKLM\..\Run: [SMrhcjgtj0eedt] C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
O4 - HKLM\..\Run: [lphcngtj0eedt] C:\WINDOWS\system32\lphcngtj0eedt.exe
puis tu cliques sur fix checked.
ensuite :
je ne vois pas d antivirus...télécharge antivir à cette adresse : https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
et voici un tuto pour bien le configurer : https://www.malekal.com/avira-free-security-antivirus-gratuit/
Vas faire les mises à niveau de java et adobe reader à ces adresses :
java : https://www.java.com/fr/download/manual.jsp
adobe reader XP : http://www.clubic.com/lancer-le-telechargement-37823-0-adobe-reader-acrobat.html
et désinstalle les versions antérieures de java et adobe reader
est ce que tu as encore des problemes ??
O2 - BHO: (no name) - {43B0961D-98C8-48AE-BC2F-77D38DDC66C4} - C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\ZZJWO97V\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {CD7BA859-DB5E-4DEB-9833-8A0FC18FF7CF} - C:\WINDOWS\system32\mlJASJyA.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - Global Startup: BTTray.lnk = ?
O2 - BHO: (no name) - {66CD0D50-5FB0-46B1-917C-C4CA375DD94a} - C:\WINDOWS\system32\cqelarhn.dll
O4 - HKLM\..\Run: [SMrhcjgtj0eedt] C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe
O4 - HKLM\..\Run: [lphcngtj0eedt] C:\WINDOWS\system32\lphcngtj0eedt.exe
puis tu cliques sur fix checked.
ensuite :
je ne vois pas d antivirus...télécharge antivir à cette adresse : https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
et voici un tuto pour bien le configurer : https://www.malekal.com/avira-free-security-antivirus-gratuit/
Vas faire les mises à niveau de java et adobe reader à ces adresses :
java : https://www.java.com/fr/download/manual.jsp
adobe reader XP : http://www.clubic.com/lancer-le-telechargement-37823-0-adobe-reader-acrobat.html
et désinstalle les versions antérieures de java et adobe reader
est ce que tu as encore des problemes ??
et bien j'ai tjrs entivirus xp 2008 avec un fond d'ecran bleu qui me dit "warning! spyware detected on your computer!"
merci beaucoup de t'attarder sur mon probleme...(jai fai un scan avec antivir en mode sans echec je post le rapport je ne sais pas si sa te sera utile)
Avira AntiVir Personal
Report file date: dimanche 13 juillet 2008 16:24
Scanning for 1419754 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Julien
Computer name: PINGAULT
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:24:32
ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 09/07/2008 13:24:37
ANTIVIR3.VDF : 7.0.5.103 247296 Bytes 11/07/2008 13:24:40
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 13/07/2008 13:25:01
AESCN.DLL : 8.1.0.22 119157 Bytes 13/07/2008 13:24:59
AERDL.DLL : 8.1.0.20 418165 Bytes 13/07/2008 13:24:58
AEPACK.DLL : 8.1.1.6 364918 Bytes 13/07/2008 13:24:54
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 13/07/2008 13:24:52
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 13/07/2008 13:24:51
AEHELP.DLL : 8.1.0.15 115063 Bytes 13/07/2008 13:24:45
AEGEN.DLL : 8.1.0.29 307573 Bytes 13/07/2008 13:24:44
AEEMU.DLL : 8.1.0.6 430451 Bytes 13/07/2008 13:24:42
AECORE.DLL : 8.1.0.32 168311 Bytes 13/07/2008 13:24:41
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, G:, E:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 13 juillet 2008 16:24
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '39' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Julien\Bureau\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.108
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temp\.tt1.tmp.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\GQCNEZMO\3077ahntdksr[1].dll
[DETECTION] Is the Trojan horse TR/ATRAPS.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\GQCNEZMO\CAC9KDCJ
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\GQCNEZMO\kb456456[1]
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\S1FZK65Y\kb671231[1]
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b04770.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\Microsoft Office 2007 Keygen.EXE
[DETECTION] Contains detection pattern of the dropper DR/VB.BZ.1
[NOTE] The file was moved to '48dd4779.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\Microsoft Office 2007-Keygen-.zip
[0] Archive type: ZIP
--> Microsoft Office 2007 Keygen.exe
[DETECTION] Contains detection pattern of the dropper DR/Buzus.kmw.4
[NOTE] The file was moved to '49a002fa.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\RLD-dmc4\Crack\Devil_MayCry4_DX10.exe
[DETECTION] Contains detection pattern of the dropper DR/Monderc.7415296
[NOTE] The file was moved to '48f04c3d.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\RLD-dmc4\Crack\Devil_MayCry4_DX9.EXE
[DETECTION] Contains detection pattern of the dropper DR/Monderc.7401984
[NOTE] The file was moved to '48f04c42.qua'!
C:\Documents and Settings\Julien\Mes documents\Mes fichiers reçus\ADOBE CS3 KEYGEN-CRACK.rar
[0] Archive type: RAR
--> ADOBE CS3 KEYGEN-CRACK\Keygen Photoshop CS3 Extended.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.5
[NOTE] The file was moved to '48c95012.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080713-151659-711.dll
[DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
[NOTE] The file was moved to '48dd562b.qua'!
C:\WINDOWS\system32\alzyuv.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48f45837.qua'!
C:\WINDOWS\system32\bkknhkqx.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e5583c.qua'!
C:\WINDOWS\system32\boohfarm.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e95840.qua'!
C:\WINDOWS\system32\cqelarhn.dll
[DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
[NOTE] The file was moved to '48df5853.qua'!
C:\WINDOWS\system32\faditkne.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48de5856.qua'!
C:\WINDOWS\system32\hsskmbmk.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ed5873.qua'!
C:\WINDOWS\system32\iwsaycaw.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ed5880.qua'!
C:\WINDOWS\system32\kvhcyujy.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e25884.qua'!
C:\WINDOWS\system32\lphcngtj0eedt.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e25880.qua'!
C:\WINDOWS\system32\pphcngtj0eedt.exe
[DETECTION] Is the Trojan horse TR/Fakealert.AG
[NOTE] The file was moved to '48e2589b.qua'!
C:\WINDOWS\system32\qeufjv.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ef5891.qua'!
C:\WINDOWS\system32\qrrdglxo.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ec589f.qua'!
C:\WINDOWS\system32\yvevqxgl.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48df58c4.qua'!
C:\_OTMoveIt\MovedFiles\07132008_144927\documents and settings\all users\application data\nanidcla\vilclizi.exe
[DETECTION] Is the Trojan horse TR/Obfuscated.GX.322
[NOTE] The file was moved to '48e65970.qua'!
Begin scan in 'D:\' <Disque local>
D:\Video\julien\NudgeMania.rar
[0] Archive type: RAR
--> NudgeMania.exe
[DETECTION] Is the Trojan horse TR/Flood.VB.DN.1
[NOTE] The file was moved to '48de5fbb.qua'!
D:\Video\julien\Download\movies-codecs1231.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.NMO
[NOTE] The file was moved to '48f061b0.qua'!
D:\Video\julien\Ragdoll Masters v3.0\LineRider ZaDa V1.3c.exe
[DETECTION] Is the Trojan horse TR/PSW.LdPinch.wob
[NOTE] The file was moved to '48e86595.qua'!
Begin scan in 'G:\' <USB JUJU>
Begin scan in 'E:\' <Nouveau>
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: dimanche 13 juillet 2008 22:46
Used time: 6:22:14 min
The scan has been done completely.
8184 Scanning directories
400241 Files were scanned
29 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
24 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
400212 Files not concerned
2517 Archives were scanned
1 Warnings
29 Notes
merci beaucoup de t'attarder sur mon probleme...(jai fai un scan avec antivir en mode sans echec je post le rapport je ne sais pas si sa te sera utile)
Avira AntiVir Personal
Report file date: dimanche 13 juillet 2008 16:24
Scanning for 1419754 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Julien
Computer name: PINGAULT
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:24:32
ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 09/07/2008 13:24:37
ANTIVIR3.VDF : 7.0.5.103 247296 Bytes 11/07/2008 13:24:40
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 13/07/2008 13:25:01
AESCN.DLL : 8.1.0.22 119157 Bytes 13/07/2008 13:24:59
AERDL.DLL : 8.1.0.20 418165 Bytes 13/07/2008 13:24:58
AEPACK.DLL : 8.1.1.6 364918 Bytes 13/07/2008 13:24:54
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 13/07/2008 13:24:52
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 13/07/2008 13:24:51
AEHELP.DLL : 8.1.0.15 115063 Bytes 13/07/2008 13:24:45
AEGEN.DLL : 8.1.0.29 307573 Bytes 13/07/2008 13:24:44
AEEMU.DLL : 8.1.0.6 430451 Bytes 13/07/2008 13:24:42
AECORE.DLL : 8.1.0.32 168311 Bytes 13/07/2008 13:24:41
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, G:, E:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 13 juillet 2008 16:24
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '39' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Julien\Bureau\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.108
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temp\.tt1.tmp.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\GQCNEZMO\3077ahntdksr[1].dll
[DETECTION] Is the Trojan horse TR/ATRAPS.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\GQCNEZMO\CAC9KDCJ
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\GQCNEZMO\kb456456[1]
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\S1FZK65Y\kb671231[1]
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b04770.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\Microsoft Office 2007 Keygen.EXE
[DETECTION] Contains detection pattern of the dropper DR/VB.BZ.1
[NOTE] The file was moved to '48dd4779.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\Microsoft Office 2007-Keygen-.zip
[0] Archive type: ZIP
--> Microsoft Office 2007 Keygen.exe
[DETECTION] Contains detection pattern of the dropper DR/Buzus.kmw.4
[NOTE] The file was moved to '49a002fa.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\RLD-dmc4\Crack\Devil_MayCry4_DX10.exe
[DETECTION] Contains detection pattern of the dropper DR/Monderc.7415296
[NOTE] The file was moved to '48f04c3d.qua'!
C:\Documents and Settings\Julien\Mes documents\Azureus Downloads\RLD-dmc4\Crack\Devil_MayCry4_DX9.EXE
[DETECTION] Contains detection pattern of the dropper DR/Monderc.7401984
[NOTE] The file was moved to '48f04c42.qua'!
C:\Documents and Settings\Julien\Mes documents\Mes fichiers reçus\ADOBE CS3 KEYGEN-CRACK.rar
[0] Archive type: RAR
--> ADOBE CS3 KEYGEN-CRACK\Keygen Photoshop CS3 Extended.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.5
[NOTE] The file was moved to '48c95012.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080713-151659-711.dll
[DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
[NOTE] The file was moved to '48dd562b.qua'!
C:\WINDOWS\system32\alzyuv.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48f45837.qua'!
C:\WINDOWS\system32\bkknhkqx.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e5583c.qua'!
C:\WINDOWS\system32\boohfarm.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e95840.qua'!
C:\WINDOWS\system32\cqelarhn.dll
[DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
[NOTE] The file was moved to '48df5853.qua'!
C:\WINDOWS\system32\faditkne.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48de5856.qua'!
C:\WINDOWS\system32\hsskmbmk.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ed5873.qua'!
C:\WINDOWS\system32\iwsaycaw.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ed5880.qua'!
C:\WINDOWS\system32\kvhcyujy.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e25884.qua'!
C:\WINDOWS\system32\lphcngtj0eedt.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e25880.qua'!
C:\WINDOWS\system32\pphcngtj0eedt.exe
[DETECTION] Is the Trojan horse TR/Fakealert.AG
[NOTE] The file was moved to '48e2589b.qua'!
C:\WINDOWS\system32\qeufjv.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ef5891.qua'!
C:\WINDOWS\system32\qrrdglxo.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ec589f.qua'!
C:\WINDOWS\system32\yvevqxgl.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48df58c4.qua'!
C:\_OTMoveIt\MovedFiles\07132008_144927\documents and settings\all users\application data\nanidcla\vilclizi.exe
[DETECTION] Is the Trojan horse TR/Obfuscated.GX.322
[NOTE] The file was moved to '48e65970.qua'!
Begin scan in 'D:\' <Disque local>
D:\Video\julien\NudgeMania.rar
[0] Archive type: RAR
--> NudgeMania.exe
[DETECTION] Is the Trojan horse TR/Flood.VB.DN.1
[NOTE] The file was moved to '48de5fbb.qua'!
D:\Video\julien\Download\movies-codecs1231.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.NMO
[NOTE] The file was moved to '48f061b0.qua'!
D:\Video\julien\Ragdoll Masters v3.0\LineRider ZaDa V1.3c.exe
[DETECTION] Is the Trojan horse TR/PSW.LdPinch.wob
[NOTE] The file was moved to '48e86595.qua'!
Begin scan in 'G:\' <USB JUJU>
Begin scan in 'E:\' <Nouveau>
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: dimanche 13 juillet 2008 22:46
Used time: 6:22:14 min
The scan has been done completely.
8184 Scanning directories
400241 Files were scanned
29 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
24 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
400212 Files not concerned
2517 Archives were scanned
1 Warnings
29 Notes
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
14 juil. 2008 à 11:30
14 juil. 2008 à 11:30
Salut !!
vas vider la quarantaine d antivir et ensuite repasse un coup de smtfraudfix :
double clique sur smitfraudfix puis exécuter
Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.
copier/coller le rapport dans la réponse.
vas vider la quarantaine d antivir et ensuite repasse un coup de smtfraudfix :
double clique sur smitfraudfix puis exécuter
Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.
copier/coller le rapport dans la réponse.
salut! vila le rapport:
SmitFraudFix v2.329
Rapport fait à 11:36:39,98, 14/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Julien\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.329
Rapport fait à 11:36:39,98, 14/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Julien\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
rapport smitfraudfix :
SmitFraudFix v2.329
Rapport fait à 12:21:39,71, 14/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
et rapport malware:
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 942
Windows 5.1.2600 Service Pack 2
13:05:51 14/07/2008
mbam-log-7-14-2008 (13-05-51).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 108708
Temps écoulé: 35 minute(s), 51 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\rhcjgtj0eedt\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcngtj0eedt.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcngtj0eedt.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
SmitFraudFix v2.329
Rapport fait à 12:21:39,71, 14/07/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC622602-5496-4CCD-93EC-9871EC034F66}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
et rapport malware:
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 942
Windows 5.1.2600 Service Pack 2
13:05:51 14/07/2008
mbam-log-7-14-2008 (13-05-51).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 108708
Temps écoulé: 35 minute(s), 51 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julien\Application Data\rhcjgtj0eedt\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\rhcjgtj0eedt\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjgtj0eedt\rhcjgtj0eedt.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcngtj0eedt.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcngtj0eedt.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
14 juil. 2008 à 21:28
14 juil. 2008 à 21:28
est ce que tu as encore des soucis avec antivirus XP 2008 ??
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
14 juil. 2008 à 21:53
14 juil. 2008 à 21:53
ok tant mieux...une derniere chose à faire pour terminer :
Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :
Télécharge toolscleaner sur ton Bureau : http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
* Double-clique sur ToolsCleaner2.bat et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse
Désactive et réactive la Restauration du système :
1 Dans la barre des tâches de Windows, clique sur Démarrer.
2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"
4 Clique sur Appliquer.
5 Ensuite décoche "Désactiver la restauration du systeme"
6 clique sur appliquer puis ok
7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.
Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :
Télécharge toolscleaner sur ton Bureau : http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
* Double-clique sur ToolsCleaner2.bat et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse
Désactive et réactive la Restauration du système :
1 Dans la barre des tâches de Windows, clique sur Démarrer.
2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"
4 Clique sur Appliquer.
5 Ensuite décoche "Désactiver la restauration du systeme"
6 clique sur appliquer puis ok
7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.
Merci voila
-->- Recherche:
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\HijackThis.lnk: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\HJTInstall.exe: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\SmitFraudfix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\HijackThis.lnk: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\VirtumundoBeGone.exe: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\HJTInstall.exe: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
-->- Recherche:
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\HijackThis.lnk: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\HJTInstall.exe: trouvé !
C:\Documents and Settings\Julien\Bureau\anti virus\SmitFraudfix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\HijackThis.lnk: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\VirtumundoBeGone.exe: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\HJTInstall.exe: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Julien\Bureau\anti virus\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !