vundo malware Résolu/Fermé

Question

Bonjour,
J'ai un gros problème, mon ordinateur a été infecté par Vundo Malware et je n'arrive pas à m'en débarrasser. J'utilise Malwarebyte's Anti-Malware mais à chaque nouveau scan, il y a de nouveaux éléments infectés (Trojan.vundo).
Que dois-je faire pour totalement m'en débarrasser, s'il vous plait? 

Un grand merci d'avance.

Voici une copie du rapport de Malwarebyte's Anti-malware : 
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1052
Windows 5.1.2600 Service Pack 2

13:55:31 15/08/2008
mbam-log-8-15-2008 (13-55-20).txt

Type de recherche: Examen rapide
Eléments examinés: 44137
Temps écoulé: 6 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pmnlkHWM.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32
nnliGvS.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d1f3e18-f50a-4da8-9389-821fef48e61f} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9d1f3e18-f50a-4da8-9389-821fef48e61f} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8ed025a9-a060-4e8c-9d96-6ec15c0b83de} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ed025a9-a060-4e8c-9d96-6ec15c0b83de} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
nnligvs (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8ed025a9-a060-4e8c-9d96-6ec15c0b83de} (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnlkhwm -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnlkhwm  -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

geoffrey5 · Answer

Salut !!

tu n as pas appliqué d action avec malwarebytes, il faut que tu refasses l analyse et supprimer ce qu il a trouvé...

ensuite :

Télécharge  hijackthis à cette adresse, tout est expliqué pour bien l installer et pour savoir s'en servir :

https://www.androidworld.fr/

raphy00 · Answer

Salut,

1.Supprime tout ca.


2.Clique sur ce lien 
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe 
pour télécharger le fichier d'installation d'HijackThis. 

Enregistre HJTInstall.exe sur ton bureau. 

Double-clique sur HJTInstall.exe pour lancer le programme 

Par défaut, il s'installera là : 
C:\Program Files\Trend Micro\HijackThis 

Avant toute installation, renommes le en lalala.exe.

Accepte la license en cliquant sur le bouton "I Accept"

Ensuite clique sur "do a system scan and save a logfile" et postes le rapport.

raphy00 · Answer

Je te laisse ;-))
Pour suivre.

geoffrey5 · Answer

Salut raphy00 !!

je m en occupe merci  ;-)

geoffrey5 · Answer

aide toi de ce tuto pour supprimer correctement ce que malwarebytes a trouvé :

https://www.androidworld.fr/

Amélie852 · Answer

Merci pour votre rapidité, 

voici le rapport : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:13, on 15/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\A-SQUA~1\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\SoftPerfect Personal Firewall\fw.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [SoftPerfect Personal Firewall] C:\Program Files\SoftPerfect Personal Firewall\fw.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZJ
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Amy\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: gqmydj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRA~1\A-SQUA~1\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Utilisateur anonyme · Answer

Salut ,

pour suivre aussi 

bonne suite

geoffrey5 · Answer

refais une analyse complete avec malwarebytes comme je t ai demandé en t aidant du tuto pour supprimer corectement.

ensuite :

Télécharge sur le bureau virtumundobegone : 

(c est le numéro 13 en bas de la page) : https://www.androidworld.fr/ 

déconnecte internet et désactive ton antivirus le temps de la manipulation



=> Double clic sur VirtumundoBeGone.exe 
=> Clic Continue ==> clic Start 
=> Clic Oui 
=> A la fin si Vundo est présent , le PC s’éteint et redémarre 
- Si Ecran bleu et message : Erreur fatale .. pas de problème 
=> Poster le rapport VBG.TXT qui est sur le bureau 

ensuite :

télécharge combofix (par sUBs) à cette adresse : 

(c est le numéro 5 en bas de la page) : https://www.androidworld.fr/

et enregistre le sur le Bureau. 

  
désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware) 


Voici un tuto pour bien l'installer et savoir l utiliser : https://www.androidworld.fr/
 

envois le rapport 

et ensuite va renommer hijackthis comme expliqué dans le lien que je t avais envoyé avec hijackthis et refais un nouveau rapport stp

Amélie852 · Answer

Désolée, Hijack This est maintenant correctement renommé, j'attends que le scan de Malwarebytes soit fini(ce qui peut prendre du temps :s) et de faire le reste avant de le relancer ;)

geoffrey5 · Answer

ok amélie...j attends tes rapports  ;-)

Amélie852 · Answer

voila le rapport VBG.txt:

[08/15/2008, 15:38:27] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Amy\Bureau\VirtumundoBeGone.exe" )
[08/15/2008, 15:38:31] - Detected System Information:
[08/15/2008, 15:38:31] -  Windows Version: 5.1.2600, Service Pack 2
[08/15/2008, 15:38:31] -  Current Username: Amy (Admin)
[08/15/2008, 15:38:31] -  Windows is in NORMAL mode.
[08/15/2008, 15:38:31] - Searching for Browser Helper Objects:
[08/15/2008, 15:38:31] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/15/2008, 15:38:31] -  BHO 2: {0fd8388e-fbfb-4e85-989c-4d588a9b09ac} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  No filename found. Continuing.
[08/15/2008, 15:38:31] -  BHO 3: {1163CEEB-7C80-4F41-BD2B-A8653949421F} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  No filename found. Continuing.
[08/15/2008, 15:38:31] -  BHO 4: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  No filename found. Continuing.
[08/15/2008, 15:38:31] -  BHO 5: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[08/15/2008, 15:38:31] -  BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/15/2008, 15:38:31] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/15/2008, 15:38:31] -  BHO 8: {7C0FB51D-3E18-422F-9211-D60AA0ECAFA1} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  Checking for HKLM\...\Winlogon\Notify\pmnlkHWM
[08/15/2008, 15:38:31] -  Key not found: HKLM\...\Winlogon\Notify\pmnlkHWM, continuing.
[08/15/2008, 15:38:31] -  BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  No filename found. Continuing.
[08/15/2008, 15:38:31] -  BHO 10: {8ED025A9-A060-4E8C-9D96-6EC15C0B83DE} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  Checking for HKLM\...\Winlogon\Notify
nnliGvS
[08/15/2008, 15:38:31] -  Found: HKLM\...\Winlogon\Notify
nnliGvS - This is probably Virtumundo.
[08/15/2008, 15:38:31] -  Assigning {8ED025A9-A060-4E8C-9D96-6EC15C0B83DE} MSEvents Object
[08/15/2008, 15:38:31] - BHO list has been changed! Starting over...
[08/15/2008, 15:38:31] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/15/2008, 15:38:31] -  BHO 2: {0fd8388e-fbfb-4e85-989c-4d588a9b09ac} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  No filename found. Continuing.
[08/15/2008, 15:38:31] -  BHO 3: {1163CEEB-7C80-4F41-BD2B-A8653949421F} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  No filename found. Continuing.
[08/15/2008, 15:38:31] -  BHO 4: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  No filename found. Continuing.
[08/15/2008, 15:38:31] -  BHO 5: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[08/15/2008, 15:38:31] -  BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/15/2008, 15:38:31] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/15/2008, 15:38:31] -  BHO 8: {7C0FB51D-3E18-422F-9211-D60AA0ECAFA1} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  Checking for HKLM\...\Winlogon\Notify\pmnlkHWM
[08/15/2008, 15:38:31] -  Key not found: HKLM\...\Winlogon\Notify\pmnlkHWM, continuing.
[08/15/2008, 15:38:31] -  BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  No filename found. Continuing.
[08/15/2008, 15:38:31] -  BHO 10: {8ED025A9-A060-4E8C-9D96-6EC15C0B83DE} (MSEvents Object)
[08/15/2008, 15:38:31] - ALERT: Found MSEvents Object!
[08/15/2008, 15:38:31] -  BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[08/15/2008, 15:38:31] -  BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/15/2008, 15:38:31] -  BHO 13: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/15/2008, 15:38:31] -  BHO 14: {BF6D4224-A7A0-4F79-A73C-FDE7E25F27A6} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  No filename found. Continuing.
[08/15/2008, 15:38:31] -  BHO 15: {D75B4C3A-50A7-45F5-92B4-9A96E43AF2EC} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  No filename found. Continuing.
[08/15/2008, 15:38:31] -  BHO 16: {DF427E5C-9C9E-4189-A4DF-B98BD5B901D9} ()
[08/15/2008, 15:38:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:31] -  No filename found. Continuing.
[08/15/2008, 15:38:31] - Finished Searching Browser Helper Objects
[08/15/2008, 15:38:31] - *** Detected MSEvents Object
[08/15/2008, 15:38:31] - Trying to remove MSEvents Object...
[08/15/2008, 15:38:32] -    Terminating Process: IEXPLORE.EXE
[08/15/2008, 15:38:33] -    Terminating Process: RUNDLL32.EXE
[08/15/2008, 15:38:33] -    Disabling Automatic Shell Restart
[08/15/2008, 15:38:33] -    Terminating Process: EXPLORER.EXE
[08/15/2008, 15:38:34] -    Suspending the NT Session Manager System Service
[08/15/2008, 15:38:34] -    Terminating Windows NT Logon/Logoff Manager
[08/15/2008, 15:38:34] -    Re-enabling Automatic Shell Restart
[08/15/2008, 15:38:34] -   File to disable: C:\WINDOWS\system32
nnliGvS.dll
[08/15/2008, 15:38:34] -  Renaming C:\WINDOWS\system32
nnliGvS.dll -> C:\WINDOWS\system32
nnliGvS.dll.vir
[08/15/2008, 15:38:34] -  File successfully renamed!
[08/15/2008, 15:38:34] -   Removing HKLM\...\Browser Helper Objects\{8ED025A9-A060-4E8C-9D96-6EC15C0B83DE}
[08/15/2008, 15:38:35] -   Removing HKCR\CLSID\{8ED025A9-A060-4E8C-9D96-6EC15C0B83DE}
[08/15/2008, 15:38:36] -   Adding Kill Bit for ActiveX for GUID: {8ED025A9-A060-4E8C-9D96-6EC15C0B83DE}
[08/15/2008, 15:38:36] -   Deleting ATLEvents/MSEvents Registry entries
[08/15/2008, 15:38:36] -   Removing HKLM\...\Winlogon\Notify
nnliGvS
[08/15/2008, 15:38:36] - Searching for Browser Helper Objects:
[08/15/2008, 15:38:36] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/15/2008, 15:38:36] -  BHO 2: {0fd8388e-fbfb-4e85-989c-4d588a9b09ac} ()
[08/15/2008, 15:38:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:36] -  No filename found. Continuing.
[08/15/2008, 15:38:36] -  BHO 3: {1163CEEB-7C80-4F41-BD2B-A8653949421F} ()
[08/15/2008, 15:38:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:36] -  No filename found. Continuing.
[08/15/2008, 15:38:36] -  BHO 4: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} ()
[08/15/2008, 15:38:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:36] -  No filename found. Continuing.
[08/15/2008, 15:38:36] -  BHO 5: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[08/15/2008, 15:38:36] -  BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/15/2008, 15:38:36] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/15/2008, 15:38:36] -  BHO 8: {7C0FB51D-3E18-422F-9211-D60AA0ECAFA1} ()
[08/15/2008, 15:38:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:36] -  Checking for HKLM\...\Winlogon\Notify\pmnlkHWM
[08/15/2008, 15:38:36] -  Key not found: HKLM\...\Winlogon\Notify\pmnlkHWM, continuing.
[08/15/2008, 15:38:36] -  BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/15/2008, 15:38:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:36] -  No filename found. Continuing.
[08/15/2008, 15:38:36] -  BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[08/15/2008, 15:38:36] -  BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/15/2008, 15:38:36] -  BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/15/2008, 15:38:36] -  BHO 13: {BF6D4224-A7A0-4F79-A73C-FDE7E25F27A6} ()
[08/15/2008, 15:38:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:36] -  No filename found. Continuing.
[08/15/2008, 15:38:36] -  BHO 14: {D75B4C3A-50A7-45F5-92B4-9A96E43AF2EC} ()
[08/15/2008, 15:38:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:36] -  No filename found. Continuing.
[08/15/2008, 15:38:36] -  BHO 15: {DF427E5C-9C9E-4189-A4DF-B98BD5B901D9} ()
[08/15/2008, 15:38:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/15/2008, 15:38:36] -  No filename found. Continuing.
[08/15/2008, 15:38:36] - Finished Searching Browser Helper Objects
[08/15/2008, 15:38:36] - Finishing up...
[08/15/2008, 15:38:36] - A restart is needed.
[08/15/2008, 15:38:43] - Attempting to Restart via STOP error (Blue Screen!)

geoffrey5 · Answer

ok fais la suite stp...

virtumundobegone a redémarré ton pc apres l analyse ??

Amélie852 · Answer

d'ailleurs je me suis rendue compte que le résident de Avast n'était plus dans ma barre des tâches, j'ai donc été le rechercher dans le gestionnaire de tâche (nouvelle tâche), et au redémarrage, Avast m'a demandé de mettre en quarantaine : pmnlkHWM.dll (Win32:Trojan-gen {Other} ), ce que j'ai fait...

geoffrey5 · Answer

ok...fais la suite stp

Amélie852 · Answer

voici le rapport mais lorsque j'ai double-cliqué sur Combofix, j'ai eu un message de dégagement de responsabilité mais comme une fenetre Windows et pas dans l'écran bleu comme dans le tuto. Le reste s'est bien passé. ComboFix 08-08-14.03 - Amy 2008-08-15 15:57:17.2 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.163 [GMT 2:00] Endroit: C:\Documents and Settings\Amy\Bureau\ComboFix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\bmuecwfh.dll C:\WINDOWS\system32\gmkbir.dll C:\WINDOWS\system32\MWHklnmp.ini C:\WINDOWS\system32\MWHklnmp.ini2 C:\WINDOWS emp\perflib_perfdata_1cc.dat . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))))))) . 2008-08-15 14:20 . 2008-08-15 14:20 d-------- C:\Program Files\Trend Micro 2008-08-14 18:27 . 2008-08-14 18:27 d--hs---- C:\FOUND.000 2008-08-14 11:55 . 2008-08-14 11:55 d-------- C:\Documents and Settings\Amy\Application Data\Malwarebytes 2008-08-14 11:54 . 2008-08-14 11:54 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-14 11:54 . 2008-08-14 11:54 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-14 11:54 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-14 11:54 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-14 11:51 . 2008-08-14 11:51 1,388,544 --a------ C:\WINDOWS\system32\dmkyuojn.tmp 2008-08-14 10:58 . 2008-08-14 10:58 d-------- C:\Documents and Settings\All Users\Application Data\services 2008-08-14 10:56 . 2008-08-14 10:57 34,176 --a------ C:\WINDOWS\system32 nnliGvS.dll.vir 2008-08-09 14:53 . 2008-08-09 14:53 d-------- C:\Documents and Settings\Amy\Application Data\Big Fish Games 2008-08-08 14:29 . 2008-08-08 14:29 d-------- C:\Documents and Settings\Amy\Application Data\PlayFirst 2008-08-08 14:29 . 2008-08-08 14:29 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-08-07 23:38 . 2008-08-07 23:38 d-------- C:\Documents and Settings\Amy\Application Data\Sudden Games 2008-08-07 20:56 . 2008-08-07 20:56 38 --a------ C:\WINDOWS\avisplitter.INI 2008-08-06 14:56 . 2008-08-06 14:56 d-------- C:\Documents and Settings\Amy\Application Data\Gaijin Ent 2008-08-05 21:47 . 2008-08-05 21:47 d-------- C:\Documents and Settings\Amy\Application Data\BloodTies 2008-08-05 00:37 . 2008-08-05 00:37 d-------- C:\Documents and Settings\Amy\Application Data\GamesCafe 2008-08-05 00:36 . 2008-08-05 00:36 d-------- C:\My Games 2008-08-05 00:33 . 2008-08-05 00:33 d-------- C:\My Download Files 2008-08-05 00:24 . 2008-08-05 00:24 774,144 --a------ C:\Program Files\RngInterstitial.dll 2008-08-04 23:10 . 2008-08-04 23:10 d-------- C:\Program Files\Fichiers communs\Oberon Media 2008-08-04 23:10 . 2008-08-04 23:10 d-------- C:\Program Files\Chill 2008-08-03 19:49 . 2008-08-03 19:49 d-------- C:\Program Files\Trymedia 2008-08-02 20:32 . 2008-08-02 20:32 d-------- C:\WINDOWS\Fashion Star 2008-07-31 12:59 . 2008-07-31 12:59 d-------- C:\Program Files\iPod 2008-07-23 01:54 . 2008-07-23 01:54 d-------- C:\Program Files\Fichiers communs\PocketSoft 2008-07-23 01:54 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll 2008-07-22 23:19 . 2008-07-22 23:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-07-22 23:18 . 2008-07-22 23:18 d-------- C:\Documents and Settings\Amy\Application Data\Leadertech 2008-07-22 22:55 . 2008-07-22 22:56 d-------- C:\Documents and Settings\Amy\Application Data\Atari 2008-07-21 21:35 . 2008-07-21 21:35 d-------- C:\Documents and Settings\Amy\Application Data\blg 2008-07-21 21:35 . 2008-07-21 21:35 d-------- C:\Documents and Settings\All Users\Application Data\blg 2008-07-19 14:05 . 2008-07-19 14:05 378 --a------ C:\WINDOWS\wininit.ini 2008-07-19 14:05 . 2008-07-19 14:05 123 --a------ C:\WINDOWS mpcpyis.bat 2008-07-19 14:05 . 2008-07-19 14:05 122 --a------ C:\WINDOWS mpdelis.bat 2008-07-19 14:05 . 2008-07-19 14:05 26 --a------ C:\WINDOWS\winstart.bat 2008-07-18 15:31 . 2008-07-18 15:31 d-------- C:\Documents and Settings\Amy\Application Data\OpenOffice.org2 2008-07-18 14:18 . 2008-07-18 14:18 d-------- C:\Program Files\OpenOffice.org 2.4 2008-07-18 12:30 . 2008-07-18 12:30 d-------- C:\Program Files\DNA 2008-07-18 12:30 . 2008-07-18 12:30 d-------- C:\Program Files\BitTorrent 2008-07-18 12:30 . 2008-07-18 12:30 d-------- C:\Documents and Settings\Amy\Application Data\DNA 2008-07-18 12:30 . 2008-07-18 12:30 d-------- C:\Documents and Settings\Amy\Application Data\BitTorrent 2008-07-17 22:29 . 2008-07-17 22:29 d---s---- C:\WINDOWS\system32\%SystemDrive% 2008-07-17 22:29 . 2008-07-17 22:29 d-------- C:\WINDOWS\Google Toolbar 2008-07-17 22:29 . 2008-07-17 22:29 d-------- C:\WINDOWS\__SkypeIEToolbar_Cache 2008-07-16 15:06 . 2008-07-16 15:06 d-------- C:\Documents and Settings\Amy\Application Data\Zylom 2008-07-16 15:04 . 2008-07-16 15:04 d-------- C:\Program Files\Zylom Games . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-12 16:24 --------- d-----w C:\Program Files\Bonjour 2008-07-12 16:23 --------- d-----w C:\Program Files\QuickTime 2008-07-11 14:40 --------- d-----w C:\Documents and Settings\Amy\Application Data\iWinArcade 2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-07-09 10:33 --------- d-----w C:\Program Files\RealArcade 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll 2008-07-07 16:55 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-06-29 18:48 --------- d-----w C:\Documents and Settings\Amy\Application Data\Boomzap 2008-06-25 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-06-23 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-23 18:45 0 ----a-w C:\Program Files emp01 2008-06-23 09:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers cpip.sys 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache cpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers cpip6.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache cpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2007-07-13 19:44 456,272 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe 2007-07-04 10:11 80 --sh--r C:\WINDOWS\system32\B66B4B8766.dll 2007-07-13 21:02 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-07-13 21:02 88 --sh--r C:\WINDOWS\system32\66874B6BB6.sys . ((((((((((((((((((((((((((((( snapshot@2008-08-02_22.41.53.09 ))))))))))))))))))))))))))))))))))))))))) . + 2008-04-23 04:16:40 124,928 ------w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll + 2008-04-23 04:16:40 347,136 ------w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll + 2008-04-23 04:16:40 214,528 ------w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll + 2008-04-23 04:16:40 133,120 ------w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll + 2008-04-23 04:16:40 63,488 ------w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll + 2008-04-22 07:41:08 70,656 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe + 2008-04-23 04:16:40 153,088 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll + 2008-04-23 04:16:40 230,400 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll + 2008-04-20 05:07:52 161,792 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll + 2008-04-23 04:16:40 383,488 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll + 2008-04-23 04:16:40 384,512 ------w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll + 2008-04-23 04:16:40 6,066,176 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll + 2008-04-23 04:16:40 44,544 ------w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll + 2008-04-23 04:16:40 267,776 ------w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll + 2008-04-22 07:39:58 13,824 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe + 2008-04-22 07:41:30 625,664 ------w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe + 2008-04-23 04:16:40 27,648 ------w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll + 2008-04-23 04:16:40 459,264 ------w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll + 2008-04-23 04:16:40 52,224 ------w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll + 2008-04-23 20:16:42 3,591,680 ------w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll + 2008-04-23 04:16:40 478,208 ------w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll + 2008-04-23 04:16:40 193,024 ------w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll + 2008-04-23 04:16:40 671,232 ------w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll + 2008-04-23 04:16:40 102,912 ------w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll + 2008-04-23 04:16:40 44,544 ------w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll + 2007-03-06 01:34:38 216,800 ------w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 ------w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll + 2008-04-23 04:16:40 105,984 ------w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll + 2008-04-23 04:16:40 1,159,680 ------w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll + 2008-04-23 04:16:40 233,472 ------w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll + 2008-04-23 04:16:40 826,368 ------w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll - 2008-04-23 04:16:40 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2008-06-23 16:28:18 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2008-04-23 04:16:40 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-06-23 16:28:18 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll - 2008-04-23 04:16:40 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-06-23 16:28:18 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-04-23 04:16:40 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-06-23 16:28:18 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2008-04-23 04:16:40 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-06-23 16:28:18 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-04-23 04:16:40 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll + 2008-06-23 16:28:18 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll - 2008-04-23 04:16:40 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-06-23 16:28:18 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2008-04-23 04:16:40 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-06-23 16:28:18 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2008-04-23 04:16:40 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2008-06-23 16:28:18 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2008-04-23 04:16:40 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-06-23 16:28:18 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2008-04-23 04:16:40 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll + 2008-06-23 16:28:20 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll - 2008-04-23 04:16:40 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll + 2008-06-23 16:28:20 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll - 2008-04-23 04:16:40 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll + 2008-06-23 16:28:20 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll - 2007-08-21 06:17:24 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll + 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll - 2008-04-23 04:16:40 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-06-23 16:28:20 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2004-08-05 03:00:00 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll + 2008-05-01 14:31:48 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll - 2008-04-23 04:16:40 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2008-06-23 16:28:20 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2008-04-23 04:16:40 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2008-06-23 16:28:20 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2008-04-23 04:16:40 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-06-23 16:28:22 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2008-04-23 04:16:40 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-06-23 16:28:22 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll - 2008-04-23 04:16:40 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-06-23 16:28:22 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll - 2008-04-23 04:16:40 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll + 2008-06-23 16:28:22 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll - 2008-04-23 04:16:40 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-06-23 16:28:22 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2008-04-23 04:16:40 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll + 2008-06-23 16:28:22 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll - 2008-04-23 04:16:40 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-06-23 16:28:24 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-04-23 04:16:40 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll + 2008-06-23 16:28:24 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll - 2008-04-23 04:16:40 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-06-23 16:28:24 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2008-04-23 04:16:40 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-06-23 16:28:18 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2008-04-23 04:16:40 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-06-23 16:28:18 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2008-04-23 04:16:40 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll + 2008-06-23 16:28:18 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll - 2008-04-23 04:16:40 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2008-06-23 16:28:18 63,488 ----a-w C:\WINDOWS\system32\icardie.dll - 2008-04-22 07:41:08 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2008-06-23 09:21:30 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe - 2008-04-23 04:16:40 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll + 2008-06-23 16:28:18 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll - 2008-04-23 04:16:40 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll + 2008-06-23 16:28:18 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll - 2008-04-20 05:07:52 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll + 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll - 2008-04-23 04:16:40 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2008-06-23 16:28:18 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2008-04-23 04:16:40 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2008-06-23 16:28:18 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll - 2008-04-23 04:16:40 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll + 2008-06-23 16:28:20 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll - 2008-04-23 04:16:40 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll + 2008-06-23 16:28:20 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll - 2008-04-23 04:16:40 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll + 2008-06-23 16:28:20 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe - 2007-08-21 06:17:24 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll + 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll - 2008-04-23 04:16:40 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-06-23 16:28:20 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-08-05 18:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe - 2008-04-23 04:16:40 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2008-06-23 16:28:20 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2008-04-23 04:16:40 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2008-06-23 16:28:20 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll - 2008-04-23 20:16:42 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-06-24 08:28:24 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-04-23 04:16:40 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-06-23 16:28:22 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2008-04-23 04:16:40 193,024 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-06-23 16:28:22 193,024 ----a-w C:\WINDOWS\system32\msrating.dll - 2008-04-23 04:16:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-06-23 16:28:22 671,232 ----a-w C:\WINDOWS\system32\mstime.dll - 2008-04-23 04:16:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll + 2008-06-23 16:28:22 102,912 ----a-w C:\WINDOWS\system32\occache.dll - 2008-04-23 04:16:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-06-23 16:28:22 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2007-11-30 12:39:30 18,296 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll - 2007-11-13 10:31:12 60,416 ------w C:\WINDOWS\system32 zchange.exe + 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32 zchange.exe - 2008-04-23 04:16:40 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2008-06-23 16:28:22 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2008-04-23 04:16:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-06-23 16:28:24 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll - 2008-04-23 04:16:40 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll + 2008-06-23 16:28:24 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll - 2008-04-23 04:16:40 826,368 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-06-23 16:28:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-08-15 14:02:24 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_7a0.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 15:07 68856] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-18 12:30 289088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17 102491] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16 692315] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-18 04:09 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-18 04:06 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-18 04:10 114688] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632] "EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 15:59 212992] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288] "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 17:38 458752] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00 397312] "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208] "SoftPerfect Personal Firewall"="C:\Program Files\SoftPerfect Personal Firewall\fw.exe" [2005-07-15 01:30 1328128] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2008-04-27 20:54 185896] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 15600128 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\geBqQGaB] [BU] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=gqmydj.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\DNA\btdna.exe"= "C:\Program Files\BitTorrent\bittorrent.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\WINDOWS\System32\dpnsvr.exe"= "C:\Program Files\Skype\Phone\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo "37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo "37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo "37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35] R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08] R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34] S3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys [2002-12-27 18:26] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' 2008-08-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2008-08-07 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1212850618.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52] . - - - - ORPHANS REMOVED - - - - BHO-{0fd8388e-fbfb-4e85-989c-4d588a9b09ac} - (no file) BHO-{1163CEEB-7C80-4F41-BD2B-A8653949421F} - (no file) BHO-{7C0FB51D-3E18-422F-9211-D60AA0ECAFA1} - (no file) BHO-{8ED025A9-A060-4E8C-9D96-6EC15C0B83DE} - (no file) BHO-{BBA89305-AF9C-4BFC-96B5-BDB12249CE22} - C:\WINDOWS\system32\pmnlkHWM.dll BHO-{BF6D4224-A7A0-4F79-A73C-FDE7E25F27A6} - (no file) BHO-{D75B4C3A-50A7-45F5-92B4-9A96E43AF2EC} - (no file) BHO-{DF427E5C-9C9E-4189-A4DF-B98BD5B901D9} - (no file) Notify-nnnliGvS - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\5ic4al80.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.yahoo.com/ FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer pzylomgamesplayer.dll FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser ppdf32.dll FF -: plugin - C:\Program Files\DNA\plugins pbtdna.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins pitunes.dll FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla pracplug.dll FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins oreg\NPVeohVersion.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-15 16:03:21 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\PROGRAM FILES\A-SQUARED FREE\A2SERVICE.EXE C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE C:\WINDOWS\SYSTEM32\PSISERVICE.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE C:\PROGRAM FILES\LAUNCH MANAGER\QTZGACER.EXE C:\WINDOWS\SYSTEM32\IGFXSRVC.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\WINDOWS\system32\igfxext.exe C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\iPod\bin\iPodService.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-15 16:07:56 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-15 14:07:46 ComboFix2.txt 2008-08-02 20:42:48 Pre-Run: 3,142,844,416 octets libres Post-Run: 3,649,503,232 octets libres 396 --- E O F --- 2008-08-14 01:04:51 Voici le rapport du Hijack this : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:15:19, on 15/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\A-SQUA~1\a2service.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Acer\Empowering Technology\admServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\acer\Empowering Technology\ePower\epm-dm.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Acer\Empowering Technology\admtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\SoftPerfect Personal Firewall\fw.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32 otepad.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\lalala.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer pbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins eg\VeohToolbar.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [SoftPerfect Personal Firewall] C:\Program Files\SoftPerfect Personal Firewall\fw.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 1000 series.lnk = ? O8 - Extra context menu item: &Search - ?p=ZJ O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Amy\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: gqmydj.dll O20 - Winlogon Notify: geBqQGaB - C:\WINDOWS\ O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRA~1\A-SQUA~1\a2service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap pcapd.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

geoffrey5 · Answer

avais tu bien supprimé les éléments infectés que malwarebytes avait trouvé ?? (deuxième analyse)

Amélie852 · Answer

oui oui, j'ai supprimé de la quarantaine aussi...

geoffrey5 · Answer

ok fais ceci :

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

O4 - Global Startup: hpoddt01.exe.lnk = ? 
O4 - Global Startup: hp psc 1000 series.lnk = ? 
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab 

puis tu cliques sur fix checked.

vas faire la mise à niveau d adobe reader à cette adresse :

https://get2.adobe.com/reader/otherversions/

et ensuite désinstalle la version antérieure 7.0

est ce que tu as encore des problemes ??

Amélie852 · Answer

voila j'ai installé adobe reader  9  mais je ne vois pas la version antérieure.....

geoffrey5 · Answer

elle n est pas dans le panneau de configuration => ajout/suppression de programmes ??

Amélie852 · Answer

ben non  y a que le 9    c bizarre

Amélie852 · Answer

par contre je viens de voir une getPlus(R) avec le logo adobe

geoffrey5 · Answer

ok...c est qu il l a remplacé...si tu as encore le raccourci sur le bureau tu peux le supprimer..

est ce que tu as encore des problemes ??

Amélie852 · Answer

j'ai un fichier Acrobat 7.0 et un Reader 9.0 dans C:\Program Files\Adobe

Amélie852 · Answer

Pour l'instant oui ca va mais je pensais avoir résolu le problème hier soir....
C'est revenu ce matin
En tout cas un grand merci pour ton aide et ton efficacité. je vais attendre demain pour indiquer "résolu":-)

Amélie852 · Answer

ah oui j'oubliais   je vire l'acrobat 7.0??

geoffrey5 · Answer

supprime la 7.0

ok...mais reviens signaler demain car il y a d autres choses à faire pour terminer..

je te souhaite de passer une bonne soirée @+


PS : demain je suis invité à un mariage donc je te répondrai surement dimanche  ;-)

Amélie852 · Answer

ha je pensais que c'était terminé, on peut le faire maintenant si ca te convient.

geoffrey5 · Answer

ok c est comme tu veux...

si tu n as plus de problemes tu peux faire ceci :

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :  

Télécharge toolscleaner sur ton Bureau : 

(c est le numéro 15 en bas de la page) : https://www.androidworld.fr/ 

* Double-clique sur ToolsCleaner2.exe et laisse le travailler 
* Clique sur Recherche et laisse le scan se terminer. 
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options facultatives. 
* Clique sur Quitter, pour que le rapport puisse se créer. 
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse


Désactive et réactive la Restauration du système :
 
1 Dans la barre des tâches de Windows, clique sur Démarrer.
 
2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
 
3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

4 Clique sur Appliquer.
  
5 Ensuite décoche "Désactiver la restauration du systeme"

6 clique sur appliquer puis ok

7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.


Tu peux mettre ton problème résolu !!

https://www.commentcamarche.net/list 11365 marquer un fil de discussion comme etant resolu

Amélie852 · Answer

voila le rapport tcleaner.txt
-->- Recherche: 

C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Amy\Bureau\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\Amy\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Amy\Bureau\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Amy\Bureau\VirtumundoBeGone.exe: supprimé !
C:\Documents and Settings\Amy\Bureau\ComboFix.exe: Erreur de suppression !
C:\Documents and Settings\Amy\Bureau\HJTInstall.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !


Merci beaucoup en tout cas. 
Bonne soirée. Bon amusement au mariage:)

geoffrey5 · Answer

Mais de rien Amélie ;-)

merci @+

Vundo malware

31 réponses

Discussions similaires

Newsletters