Se connecter / S'enregistrer
Votre question
Fermé

Suite des gros problème de mon PC

Tags :
  • Sécurité
16 Mai 2008 08:39:54

bonjour

suite a mes problemes d'hier et après les conseils d'angeldark voici ou j'en suis aujourd'hui .
mon pc est trés lent au démarrage , les mises a jours automatique sont desactivées ; mon antivirus ( avast ) a disparu de la barre des taches ; des fenêtres d'avertissement et de pub s'ouvre inopinement sur internet . bref je pense qu'il y a encore des intrus .
voici ci dessous les rapports suite a intervention d'Angeldark.
merci de continuer a m'aider .

voici le rapport Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:32, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [747af360] rundll32.exe "C:\WINDOWS\system32\nwcfqqmx.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6934BABA-2F14-49DF-979C-F36B4D34FCEF}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10556 bytes


Angeldark



Profil : Helper
Plus d'informations
Age : 16 ans
Sexe : Homme
Messages : 45859
Inscription : Mar 29 Dec, 2005
Lieu : Paris
15-05-2008 à 15:46:45 Masquer Mettre un favori sur cette position pour y revenir plus tard Prévenir les modérateurs en cas d'abus Retirer de la liste des messages cités Ajouter à la liste des messages cités Répondre à ce message Voir le bbcode | - 0 +
Bonjour,

Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !


Télécharge ComboFix (sUBs) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

---------------
Prévention & Protection|Les logiciels gratuits

MR942
Online
Profil : IDNaute
Plus d'informations
Age : 44 ans
Sexe : Homme
Messages : 58
Inscription : Ven 08 Sep, 2006
Lieu : ALLAUCH
15-05-2008 à 18:32:25 Masquer Mettre un favori sur cette position pour y revenir plus tard Prévenir les modérateurs en cas d'abus Retirer de la liste des messages cités Ajouter à la liste des messages cités Répondre à ce message Edition rapide Editer le message Voir le bbcode | - 0 +
voici le rapport demandé.
note qu'au redémarrage de windows , il y a MALWARRIOR qui s'est lancé .
j'ai fait fin de tache pour le fermer et combofix a continuer a travailler et voici le rapport

ComboFix 08-05-12.1 - MICHEL 2008-05-15 18:09:01.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.961 [GMT 2:00]
Endroit: C:\Documents and Settings\MICHEL\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\MICHEL\Application Data\inst.exe
C:\RECYCLER\mxfilerelatedcache.mxc2
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\BcMWDJjl.ini
C:\WINDOWS\system32\BcMWDJjl.ini2
C:\WINDOWS\system32\FNmVutwa.ini
C:\WINDOWS\system32\FNmVutwa.ini2
C:\WINDOWS\system32\gxynbkao.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pVEgNXyb.ini
C:\WINDOWS\system32\pVEgNXyb.ini2
C:\WINDOWS\system32\sDddgMoq.ini
C:\WINDOWS\system32\sDddgMoq.ini2
C:\WINDOWS\system32\xmqqfcwn.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

2008-05-15 14:11 . 2008-05-15 14:11 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 13:31 . 2008-05-15 13:31 91,776 --a------ C:\WINDOWS\system32\nwcfqqmx.dll
2008-05-15 13:30 . 2008-05-15 13:30 318,848 --a------ C:\WINDOWS\system32\ljJDWMcB.dll
2008-05-15 12:30 . 2008-05-15 12:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-14 17:13 . 2008-05-14 17:13 <REP> d-------- C:\Program Files\AbsoluteTransfer
2008-05-14 11:26 . 2008-05-15 12:28 530 --a------ C:\WINDOWS\wininit.ini
2008-05-14 10:38 . 2008-05-14 10:38 28,800 --a------ C:\WINDOWS\system32\ddcYpNHy.dll
2008-05-14 10:36 . 2008-05-14 00:46 274,432 --a------ C:\WINDOWS\mpfanvqg.dll
2008-05-14 10:35 . 2008-05-14 10:35 28,800 --a------ C:\WINDOWS\system32\fccaXRhe.dll
2008-05-14 10:34 . 2008-05-14 10:34 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-04 18:41 . 2008-05-04 18:41 <REP> d--hs---- C:\found.000
2008-04-30 13:36 . 2004-08-04 08:09 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-04-30 13:36 . 2004-08-04 08:09 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-04-30 13:36 . 2004-08-04 08:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-04-30 13:36 . 2004-08-04 08:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-04-30 13:36 . 2004-08-04 08:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-04-30 13:36 . 2004-08-04 08:10 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2008-04-30 13:28 . 2004-08-04 08:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-30 13:28 . 2004-08-04 08:10 61,056 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-04-30 13:28 . 2004-08-04 08:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-30 13:28 . 2004-08-04 08:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2008-04-30 13:28 . 2001-08-17 21:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-30 13:28 . 2001-08-17 21:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
2008-04-30 11:00 . 2003-02-12 18:39 34,978 --a------ C:\WINDOWS\system32\drivers\SMBios.sys
2008-04-19 14:43 . 2008-04-19 14:43 <REP> d-------- C:\Documents and Settings\MICHEL\Application Data\Samsung

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 12:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-14 14:33 --------- d-----w C:\Program Files\adslTV
2008-05-14 08:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 07:32 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-14 07:29 --------- d-----w C:\Documents and Settings\MICHEL\Application Data\AdobeUM
2008-05-08 19:22 --------- d-----w C:\Program Files\eMule
2008-05-04 09:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-19 12:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 12:41 --------- d-----w C:\Program Files\Samsung
2008-04-15 20:32 --------- d-----w C:\Program Files\HomePlayer1.5.1.2
2008-04-10 13:48 --------- d-----w C:\Documents and Settings\MICHEL\Application Data\Vso
2008-04-09 08:32 --------- d-----w C:\Documents and Settings\MICHEL\Application Data\MAGIX
2008-04-09 08:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\FREEDB
2008-04-08 13:49 16 ---ha-w C:\Program Files\mxfilerelatedcache.mxc2
2008-04-08 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 11:49 108,768 ----a-w C:\WINDOWS\system32\drivers\ACEDRV08.sys
2008-03-20 11:45 --------- d-----w C:\Program Files\Fichiers communs\MAGIX Shared
2008-03-20 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 19:10 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-15 19:10 47,360 ----a-w C:\Documents and Settings\MICHEL\Application Data\pcouffin.sys
2008-03-15 15:43 --------- d-----w C:\Documents and Settings\MICHEL\Application Data\ma-config.com
2008-03-15 15:40 --------- d-----w C:\Documents and Settings\MICHEL\Application Data\Cuttermaran(2)
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

------- Sigcheck -------

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-30 14:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-20 01:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{039813F8-40FA-4D72-9FFB-5D4803B52D78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
2008-03-27 15:43 247296 --a------ C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{240A2128-ACD4-4124-87AF-527124CAAC38}]
2008-05-14 10:35 28800 --a------ C:\WINDOWS\system32\fccaXRhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{294FA13E-A8A1-4EE8-B9D1-C2D1436460A2}]
2008-05-15 18:22 318336 --a------ C:\WINDOWS\system32\jkkLFuSk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{346A7709-47F1-491F-BA0D-4F85334FD013}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61A3204D-FF60-464B-8D46-6558C6A26D74}]
2008-05-15 13:30 318848 --a------ C:\WINDOWS\system32\ljJDWMcB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF9989E4-55F4-4391-BC4A-6DBFEC8584AB}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 14:38 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-07-16 11:36 200747]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [2008-05-15 12:38 1025536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48 1388544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-21 14:31 7561216]
"nwiz"="nwiz.exe" [2006-03-21 14:31 1519616 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvMediaCenter"="NvMCTray.dll" [2006-03-21 14:31 86016 C:\WINDOWS\system32\nvmctray.dll]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-02-09 14:45 90112]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"combofix"="C:\WINDOWS\system32\CF4120.exe" [2004-08-20 01:09 428032]
"747af360"="C:\WINDOWS\system32\opfyfffm.dll" [2008-05-15 18:25 91264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{240A2128-ACD4-4124-87AF-527124CAAC38}"= C:\WINDOWS\system32\fccaXRhe.dll [2008-05-14 10:35 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaXRhe]
fccaXRhe.dll 2008-05-14 10:35 28800 C:\WINDOWS\system32\fccaXRhe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkLFuSk

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\adslTV\\adslTV.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\adslTV\\vlc.exe"=
"C:\\Program Files\\Freeplayer\\fbx-playlist.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"C:\\Program Files\\Adobe\\Photoshop Elements 3.0\\Photoshop Elements 3.0.exe"=
"C:\\Program Files\\HomePlayer1.5.1.2\\HomePlayer.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 ACEDRV08;ACEDRV08;C:\WINDOWS\system32\drivers\ACEDRV08.sys [2008-03-20 13:49]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 04:47]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-12 03:40]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 19:52]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 19:04]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 19:04]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-12 10:00:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 18:18:43
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\WINDOWS\system32\kSuFLkkj.ini 344 bytes
C:\WINDOWS\system32\kSuFLkkj.ini2 344 bytes
C:\Documents and Settings\MICHEL\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1143 bytes hidden from API

Scan termin‚ avec succŠs
Les fichiers cach‚s: 3

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\fccaXRhe.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 18:28:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 16:27:58

Pre-Run: 30,112,829,440 octets libres
Post-Run: 30,198,243,328 octets libres

255 --- E O F --- 2008-05-14 08:05:13


Angeldark



Profil : Helper
Plus d'informations
Age : 16 ans
Sexe : Homme
Messages : 45859
Inscription : Mar 29 Dec, 2005
Lieu : Paris
15-05-2008 à 18:46:36 Masquer Mettre un favori sur cette position pour y revenir plus tard Prévenir les modérateurs en cas d'abus Retirer de la liste des messages cités Ajouter à la liste des messages cités Répondre à ce message Voir le bbcode | - 0 +
Re,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec


Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

---------------
Prévention & Protection|Les logiciels gratuits

MR942
Online
Profil : IDNaute
Plus d'informations
Age : 44 ans
Sexe : Homme
Messages : 58
Inscription : Ven 08 Sep, 2006
Lieu : ALLAUCH
15-05-2008 à 20:58:23 Masquer Mettre un favori sur cette position pour y revenir plus tard Prévenir les modérateurs en cas d'abus Retirer de la liste des messages cités Ajouter à la liste des messages cités Répondre à ce message Edition rapide Editer le message Voir le bbcode | - 0 +
voici le rapport Malwarebyte's .

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 752

Type de recherche: Examen complet (C:\|)
Eléments examinés: 130508
Temps écoulé: 1 hour(s), 41 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\jkkLFuSk.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\fccaXRhe.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7091f617-443d-4d84-b508-2872859a7db4} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7091f617-443d-4d84-b508-2872859a7db4} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{61a3204d-ff60-464b-8d46-6558c6a26d74} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61a3204d-ff60-464b-8d46-6558c6a26d74} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaxrhe (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\747af360 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MalWarrior (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TacOnlyOne\MalWarrior (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkklfusk -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkklfusk -> Delete on reboot.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\jkkLFuSk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kSuFLkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kSuFLkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opfyfffm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mfffyfpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8678E3DF-0B6A-4D4B-8945-A7754986883B}\RP815\A0221395.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8678E3DF-0B6A-4D4B-8945-A7754986883B}\RP815\A0221396.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\BASE\vbase.tmp (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080515123828609.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080515132710906.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080515140230906.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080515152637156.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080515172050859.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080515181827281.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080515185602093.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcYpNHy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJDWMcB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccaXRhe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\mpfanvqg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Autres pages sur : suite gros probleme

Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS