Infection by backdoor and Trojan Spy Goldun

vinc64 Posts: 12 Status: Member
jlpjlp Posts: 52399 Status: Security contributor
Hello,

Could you help me please?

A few days ago I posted a message, which went unanswered, about an infection by Backdoor Agent AOU; this morning my BitDefender detected a Trojan Spy Goldun. I tried to follow the procedure here:
http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr
But at the online scan step (step 3), the BitDefender online scanner uninstalled my BitDefender and did not work. I cannot reinstall my BitDefender because I get an error message about "smss.exe" or a file with smss in its name. (I think it's because I went to the site with Mozilla, which didn't show me the page with the scanner, and I downloaded a new "free" version of BitDefender that uninstalled mine; when I went there with IE I noticed that a different page was displayed. In any case the scan doesn't work and sends me to the troubleshooting page in English.)
Nor can I eradicate the offending files, which are newmsg and newmsg_1 in the Local Settings Temp folder. I tried Trend Micro's online antivirus scan, which showed me a series of errors; I could only write down two, but apparently it detected a WORM SQLP1434.A (unless that is another name for one of the viruses already mentioned) related to Microsoft SQL Server 2000 & Microsoft Desktop Engine (MSDE) 2000.
Here are the various reports I have:

The initial BitDefender scan that detects the trojan:

Produit BitDefender Antivirus Plus v10
// Produit 10.2
//
// Créé le: 28/09/2008 09:29:44
//
//-----------------------------------------------------------------

Statistiques

Chemin cible: C:\Documents and Settings\Vincent\Local Settings\Temp\mgxfonts.exe
C:\Documents and Settings\Vincent\Local Settings\Temp\mgxmbkgstd.bmp
C:\Documents and Settings\Vincent\Local Settings\Temp\Microsoft Office 2003 Setup(0001).txt
C:\Documents and Settings\Vincent\Local Settings\Temp\Microsoft Office 2003 Setup(0001)_Task(0001).txt
C:\Documents and Settings\Vincent\Local Settings\Temp\MSId2e5d.LOG
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1
C:\Documents and Settings\Vincent\Local Settings\Temp\nscopy.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail.eml
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail.html
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-1.eml
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-1.html
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-1.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-2.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-3.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-4.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-5.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-6.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-7.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-8.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-9.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-10.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-11.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\offcln11.log
C:\Documents and Settings\Vincent\Local Settings\Temp\redist.log
C:\Documents and Settings\Vincent\Local Settings\Temp\SetupExe(2008092215550735B0).log
C:\Documents and Settings\Vincent\Local Settings\Temp\SetupExe(2008092216072637D4).log
C:\Documents and Settings\Vincent\Local Settings\Temp\unwise.exe
C:\Documents and Settings\Vincent\Local Settings\Temp\UserInfoSetup(2008092215550935B0).log
C:\Documents and Settings\Vincent\Local Settings\Temp\UserInfoSetup(2008092216072837D4).log
C:\Documents and Settings\Vincent\Local Settings\Temp\WCESCOMM.LOG
C:\Documents and Settings\Vincent\Local Settings\Temp\WCESLog.log
C:\Documents and Settings\Vincent\Local Settings\Temp\WcesView.log
C:\Documents and Settings\Vincent\Local Settings\Temp\WT2AA4.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\WT2BBE.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\WT8C7C.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\WT8CBF.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\Excel8.0
C:\Documents and Settings\Vincent\Local Settings\Temp\hsperfdata_Vincent
C:\Documents and Settings\Vincent\Local Settings\Temp\mgxgroups
C:\Documents and Settings\Vincent\Local Settings\Temp\OIS
C:\Documents and Settings\Vincent\Local Settings\Temp\svg5k.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\VBE
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\_iu14D2N.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\_iu14D2O.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\_iu14D2P.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\_TinDel.exe
C:\Documents and Settings\Vincent\Local Settings\Temp\AC6A2E.tmp
C:\Documents and Settings\Vincent\Local Settings\Temp\chapters.csv
C:\Documents and Settings\Vincent\Local Settings\Temp\dvdinfo.dat
C:\Documents and Settings\Vincent\Local Settings\Temp\etilqs_4oSQCJty7cHviBsudza0
C:\Documents and Settings\Vincent\Local Settings\Temp\GLB1A2B.EXE
C:\Documents and Settings\Vincent\Local Settings\Temp\hb_encode_log.dat
C:\Documents and Settings\Vincent\Local Settings\Temp\mgx3rdlogos.bmp
C:\Documents and Settings\Vincent\Local Settings\Temp\mgx3rdlogos.ini
Dossiers : 12
Fichiers : 133
Processus Mémoire analysés : 0
Archives : 15
Fichiers enpaquetés : 4
Virus trouvés : 2
Fichiers infectés : 2
Processus Mémoire infectés : 0
Fichiers suspects : 0
Alertes : 0
Fichiers désinfectés : 0
Fichiers effacés : 0
Fichiers déplacés : 0
Erreurs I/O : 1
Temps d'analyse :=00:00:24
Fichiers/seconde :5

Définitions virus : 1819296
Plugins d'analyse : 16
Plugins archives : 43
Plug-ins décompression : 7
Plug-ins messagerie : 6
Plug-ins système : 4

Options d'analyse

Détection
[ ] Analyser le secteur de boot
[ ] Processus mémoire
[X] Analyser les archives
[X] Analyser les fichiers enpaquetés
[X] Analyser la messagerie

Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;

Action

Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Mettre en quarantaine
[ ] Demander l'action

Seconde action
[ ] Ignorer
[ ] Effacer
[X] Mettre en quarantaine
[ ] Demander l'action

Options d'analyse
[X] Activer les alertes
[X] Activer l'heuristique
[X] Afficher tous les fichiers dans le journal
[X] Fichier journal: C:\Documents and Settings\Vincent\Application Data\BitDefender\Desktop\Profiles\Logs\contextual\1222586984.log

Options d'analyse Spyware

[X] Analyse contre les risques non-viraux
[ ] Ecarter de l'analyse les dialers et les applications
[ ] Clés de registres
[ ] Cookies

Résumé:

C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Infecté: Trojan.Spy.Goldun.NDO
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Désinfection impossible
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Déplacement impossible
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Infecté: Trojan.Spy.Goldun.NDO
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Désinfection impossible
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Déplacement impossible

Fichiers analysés

C:\Documents and Settings\Vincent\Local Settings\Temp\mgxfonts.exe OK
C:\Documents and Settings\Vincent\Local Settings\Temp\mgxfonts.exe=>(zlib o) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\mgxmbkgstd.bmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\Microsoft Office 2003 Setup(0001).txt OK
C:\Documents and Settings\Vincent\Local Settings\Temp\Microsoft Office 2003 Setup(0001)_Task(0001).txt OK
C:\Documents and Settings\Vincent\Local Settings\Temp\Microsoft Office 2003 Setup(0001)_Task(0001).txt=>(unicode) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\MSId2e5d.LOG OK
C:\Documents and Settings\Vincent\Local Settings\Temp\MSId2e5d.LOG=>(unicode) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>(message body) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Infecté: Trojan.Spy.Goldun.NDO
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Désinfection impossible
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Déplacement impossible
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1 OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>(message body) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Infecté: Trojan.Spy.Goldun.NDO
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Désinfection impossible
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Déplacement impossible
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nscopy.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nscopy.tmp=>(message 0) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nscopy.tmp=>(message 0)=>[Subject: Re: Presentation Kick Off Q3 Part 2][Date: Tue, 16 Sep 2008 09:49:58 +0200]=>(message body) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail.eml OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail.eml=>[Subject: Re: Presentation Kick Off Q3 Part 2][Date: Tue, 16 Sep 2008 09:48:21 +0200]=>(message body) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail.html OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-1.eml OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-1.eml=>[Subject: Re: Presentation Kick Off Q3 Part 2][Date: Tue, 16 Sep 2008 09:49:58 +0200]=>(message body) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-1.html OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-1.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-2.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-3.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-4.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-5.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-6.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-7.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-8.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-9.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-10.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail-11.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\nsmail.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\offcln11.log OK
C:\Documents and Settings\Vincent\Local Settings\Temp\redist.log OK
C:\Documents and Settings\Vincent\Local Settings\Temp\SetupExe(2008092215550735B0).log OK
C:\Documents and Settings\Vincent\Local Settings\Temp\SetupExe(2008092216072637D4).log OK
C:\Documents and Settings\Vincent\Local Settings\Temp\unwise.exe OK
C:\Documents and Settings\Vincent\Local Settings\Temp\UserInfoSetup(2008092215550935B0).log OK
C:\Documents and Settings\Vincent\Local Settings\Temp\UserInfoSetup(2008092216072837D4).log OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WCESCOMM.LOG OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WCESLog.log OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WcesView.log OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WT2AA4.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WT2BBE.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WT8C7C.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WT8CBF.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\Excel8.0 OK
C:\Documents and Settings\Vincent\Local Settings\Temp\hsperfdata_Vincent OK
C:\Documents and Settings\Vincent\Local Settings\Temp\hsperfdata_Vincent\13212 OK
C:\Documents and Settings\Vincent\Local Settings\Temp\mgxgroups OK
C:\Documents and Settings\Vincent\Local Settings\Temp\mgxgroups\Videodeluxe0708_e-version OK
C:\Documents and Settings\Vincent\Local Settings\Temp\mgxgroups\Videodeluxe0708_e-version\F OK
C:\Documents and Settings\Vincent\Local Settings\Temp\mgxgroups\Videodeluxe0708_e-version\F\groups.ini OK
C:\Documents and Settings\Vincent\Local Settings\Temp\mgxgroups\Videodeluxe0708_e-version\F\groups_default.ini OK
C:\Documents and Settings\Vincent\Local Settings\Temp\mgxgroups\Videodeluxe0708_e-version\F\groups_language.ini OK
C:\Documents and Settings\Vincent\Local Settings\Temp\OIS OK
C:\Documents and Settings\Vincent\Local Settings\Temp\OIS\cacheFiles OK
C:\Documents and Settings\Vincent\Local Settings\Temp\OIS\temp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\svg5k.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\VBE OK
C:\Documents and Settings\Vincent\Local Settings\Temp\VBE\MSForms.exd OK
C:\Documents and Settings\Vincent\Local Settings\Temp\VBE\RefEdit.exd OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\burnlib.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\CddbLangFR.dll OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\dsp_sps.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\enc_aacplus.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\enc_flac.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\enc_lame.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\enc_vorbis.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\enc_wav.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\enc_wma.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\freeform OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\freeform\Wasabi.xml OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\freeform\Wasabi.xml=>(unicode) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\gen_crasher.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\gen_ff.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\gen_hotkeys.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\gen_ml.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\gen_tray.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_cdda.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_dshow.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_flac.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_linein.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_midi.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_mod.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_mp3.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_mp4.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_nsv.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_vorbis.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_wave.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\in_wm.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\jtfe_auto.ini OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_bookmarks.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_dash.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_disc.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_history.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_local.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_nowplaying.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_online.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_orb.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_playlists.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_plg.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_pmp.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_rg.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_transcode.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\ml_wire.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\out_disk.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\out_ds.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\out_wave.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\pmp_activesync.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\pmp_ipod.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\pmp_njb.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\pmp_p4s.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\pmp_usb.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\tagz.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\vis_avs.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\vis_milk.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\vis_nsfs.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\WLZFC5E.tmp\winamp.lng OK
C:\Documents and Settings\Vincent\Local Settings\Temp\_iu14D2N.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\_iu14D2O.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\_iu14D2P.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\_TinDel.exe OK
C:\Documents and Settings\Vincent\Local Settings\Temp\AC6A2E.tmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\AC6A2E.tmp=>(REMOVED_NULLS) OK
C:\Documents and Settings\Vincent\Local Settings\Temp\chapters.csv OK
C:\Documents and Settings\Vincent\Local Settings\Temp\dvdinfo.dat OK
C:\Documents and Settings\Vincent\Local Settings\Temp\etilqs_4oSQCJty7cHviBsudza0 OK
C:\Documents and Settings\Vincent\Local Settings\Temp\GLB1A2B.EXE OK
C:\Documents and Settings\Vincent\Local Settings\Temp\hb_encode_log.dat OK
C:\Documents and Settings\Vincent\Local Settings\Temp\mgx3rdlogos.bmp OK
C:\Documents and Settings\Vincent\Local Settings\Temp\mgx3rdlogos.ini OK


After starting the "Preliminary disinfection method" procedure:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 12:44 2008-09-28

+ Résultat de l'analyse:

C:\Documents and Settings\Vincent\Bureau\Programmes et driver\Bagle\ELIBAGLA.%D8I%D8EB%D8%D8H.EXE -> Heuristic.Win32.AVKiller : Ignoré.

Fin du rapport


Then the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33, on 2008-09-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Lancement Application Fax.lnk = C:\Program Files\Alliance MCA\SafeFax\faxtray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D54A1DA5-4DB0-49F2-B31C-9D4AFD2F2838}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
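Added example, not from this thread and not code from BitDefender, OTMoveIt or any other tool mentioned here: a small Python parser for the nested `=>` result lines in the BitDefender report above. It groups every verdict by the outermost file on disk and makes the practical point visible: the scanner reports the innermost object (an `.exe` inside a `.zip` attached to a cached e-mail) and cannot disinfect or move it, so the only artifact a responder can act on is the container file itself (`newmsg`, `newmsg-1`). The sample lines are copied in the shape of the report above; the function names and the summary format are my own.

```python
"""Parse BitDefender scan-result lines of the form
   <outer file>=><nested object>=>...=><innermost object> <verdict>
and group every verdict by the outermost file on disk, the only object a
responder can actually quarantine or delete."""
import re
from collections import defaultdict

# Verdict suffixes exactly as the French BitDefender log writes them.
RESULT_RE = re.compile(
    r"^(?P<chain>.+?) "
    r"(?P<verdict>OK|Infecté: \S+|Désinfection impossible|Déplacement impossible)$"
)
# Cached e-mails appear as "[Subject: ...][Date: ...]" segments in the chain.
SUBJECT_RE = re.compile(r"\[Subject: (?P<subject>[^\]]*)\]")

# Constructed sample: a few lines in the shape of the report above
# (same paths and verdicts as in the thread, nothing else).
SAMPLE_REPORT = r"""
C:\Documents and Settings\Vincent\Local Settings\Temp\mgxfonts.exe OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip OK
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Infecté: Trojan.Spy.Goldun.NDO
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Désinfection impossible
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Déplacement impossible
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Infecté: Trojan.Spy.Goldun.NDO
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Désinfection impossible
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1=>(message 0)=>[Subject: Your internet access is going to get s][Date: Sat, 27 Sep 2008 21:51:45 +0000 ]=>(MIME part)=>user-EA49943X-activities.zip=>user-EA49943X-activities.exe Déplacement impossible
C:\Documents and Settings\Vincent\Local Settings\Temp\nscopy.tmp=>(message 0)=>[Subject: Re: Presentation Kick Off Q3 Part 2][Date: Tue, 16 Sep 2008 09:49:58 +0200]=>(message body) OK
"""


def parse_line(line):
    """Return (outer_path, chain_segments, verdict), or None for a non-result line."""
    match = RESULT_RE.match(line.strip())
    if not match:
        return None
    segments = match.group("chain").split("=>")
    return segments[0], segments, match.group("verdict")


def parse_report(text):
    """Group results by outermost file: detections and where inside the file they sit,
    which AV actions failed, mail subjects seen, and how deep the nesting goes."""
    files = defaultdict(lambda: {
        "detections": set(), "failed_actions": set(), "subjects": set(), "max_depth": 0,
    })
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        outer, segments, verdict = parsed
        info = files[outer]
        info["max_depth"] = max(info["max_depth"], len(segments) - 1)
        for segment in segments:
            subject = SUBJECT_RE.search(segment)
            if subject:
                info["subjects"].add(subject.group("subject"))
        if verdict.startswith("Infecté:"):
            # innermost object name plus the signature that fired on it
            info["detections"].add((segments[-1], verdict.split(": ", 1)[1]))
        elif verdict != "OK":
            info["failed_actions"].add(verdict)
    return dict(files)


def files_to_quarantine(report):
    """Outer files holding a detection the scanner could neither disinfect nor move.
    Nothing nested can be acted on separately, so the container is the artifact."""
    return sorted(path for path, info in report.items()
                  if info["detections"] and info["failed_actions"])


def summary(report):
    """One human-readable line per file that still needs manual handling."""
    lines = []
    for path in files_to_quarantine(report):
        info = report[path]
        names = ", ".join(f"{obj} [{sig}]" for obj, sig in sorted(info["detections"]))
        lines.append(f"{path}: {names}; nested {info['max_depth']} levels deep; "
                     f"failed: {', '.join(sorted(info['failed_actions']))}; "
                     f"mail subject(s): {', '.join(sorted(info['subjects']))}")
    return lines


if __name__ == "__main__":
    for line in summary(parse_report(SAMPLE_REPORT)):
        print(line)
```

Run on the sample, `files_to_quarantine` returns exactly the two cached-mail files, and `summary` shows the lure subject the attachment arrived under, which is worth searching the mail client for before the container is removed.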
5 replies

chimay8 Posts: 7947 Status: Security contributor

in the options
click on Advanced
it's the first one you need to uncheck
jlpjlp Posts: 52399 Status: Security contributor

thanks chimay8, I'd forgotten to mention Advanced
jlpjlp Posts: 52399 Status: Security contributor

Hi,

clean your computer with CCleaner and remove the temporary files (in the options, uncheck: only delete files older than 48 hours)

https://www.malekal.com/tutoriel-ccleaner/

________________

download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list that appears in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.

____________________

remove what is in the MOVED FILES folder by going to My Computer, then C, then OTMoveIt
_____________________

post a new BitDefender report
vinc64 Posts: 12 Status: Member

OK, I'll do that and come back here
vinc64 Posts: 12 Status: Member

I tried to follow your instructions, but in CCleaner I can't find the "less than 48" option to uncheck; I did one pass with the "Temporary files" under "System"

For OTMoveIt, it's OK, here is the report:
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg moved successfully.
C:\Documents and Settings\Vincent\Local Settings\Temp\newmsg-1 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09282008_202623

OK, what next?

vinc64 Posts: 12 Status: Member

Thanks

that's it, it's done