Hello,
Yes, things are better!!! I followed your tutorial, and I think a good cleanup has already been done. I launched both of my browsers: no pop-up windows for 10 minutes, and no redirections. That does the morale good!!! One small snag: I still can't restart in safe mode, status quo.
The image error windows have disappeared! Woohoo!
I don't know if this can help, but AVG detected a trojan, described as: C:\Windows\system32\Sipaneya.dll BHO.GPT.
As for LopSD, it detected nothing.
Thanks again for your precious help.
I'm posting the logs you asked for.
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.86GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : chaton ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:52 Go (Free:14 Go)
D:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 11/12/2008|21:19 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\chaton\APPLIC~1\blah1~1\Base extra 32.exe
Supprime! - C:\DOCUME~1\chaton\APPLIC~1\blah1~1\cafwwxip.exe
Supprime! - C:\DOCUME~1\chaton\APPLIC~1\blah1~1\Trayflaw.exe
Supprime! - C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec\DivoCodec.lnk
Supprime! - C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec\HomePage.lnk
Supprime! - C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec\Uninstall.lnk
Supprime! - C:\DOCUME~1\chaton\Cookies\chaton@advertising.marketnetwork[2].txt
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO
Supprime! - C:\DOCUME~1\chaton\APPLIC~1\blah1~1
Supprime! - C:\Program Files\blah1~1
Supprime! - C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[19/08/2004|13:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[11/07/2005|18:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[11/07/2005|19:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
[20/10/2008|08:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[11/07/2005|18:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[11/07/2005|19:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[04/11/2007|23:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[23/04/2008|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/04/2006|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[20/05/2006|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/12/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[26/11/2008|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[04/10/2005|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
[04/02/2008|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Citrix
[20/11/2008|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ExtraFilm
[21/10/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fcbwhspc
[23/04/2008|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[11/07/2005|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[11/07/2005|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[09/12/2008|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[12/04/2006|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[21/10/2008|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/08/2004|13:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03/10/2007|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Minnetonka Audio Software
[24/09/2005|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[11/11/2007|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
[19/08/2004|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[04/10/2005|13:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[23/04/2008|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[11/11/2007|18:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[10/12/2008|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/10/2008|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/07/2006|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[20/10/2008|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yhcvyluv
[18/06/2006|18:52] C:\DOCUME~1\chaton\APPLIC~1\ACD Systems
[23/04/2008|19:21] C:\DOCUME~1\chaton\APPLIC~1\Adobe
[21/05/2006|11:40] C:\DOCUME~1\chaton\APPLIC~1\Apple Computer
[26/07/2005|10:31] C:\DOCUME~1\chaton\APPLIC~1\Arcsoft
[26/11/2008|23:07] C:\DOCUME~1\chaton\APPLIC~1\Azureus
[05/10/2005|13:46] C:\DOCUME~1\chaton\APPLIC~1\Brother
[20/07/2005|05:35] C:\DOCUME~1\chaton\APPLIC~1\CyberLink
[29/10/2008|11:15] C:\DOCUME~1\chaton\APPLIC~1\DivX
[13/10/2007|15:54] C:\DOCUME~1\chaton\APPLIC~1\EFC
[02/05/2006|11:01] C:\DOCUME~1\chaton\APPLIC~1\Elaborate Bytes
[20/11/2008|10:21] C:\DOCUME~1\chaton\APPLIC~1\ExtraFilm
[24/09/2005|10:30] C:\DOCUME~1\chaton\APPLIC~1\FotoWire
[05/09/2006|21:07] C:\DOCUME~1\chaton\APPLIC~1\Google
[22/10/2008|09:34] C:\DOCUME~1\chaton\APPLIC~1\Help
[19/08/2004|13:24] C:\DOCUME~1\chaton\APPLIC~1\Identities
[11/07/2005|18:57] C:\DOCUME~1\chaton\APPLIC~1\Intel
[12/05/2007|14:38] C:\DOCUME~1\chaton\APPLIC~1\Jasc Software Inc
[19/07/2005|10:52] C:\DOCUME~1\chaton\APPLIC~1\Leadertech
[22/07/2005|14:16] C:\DOCUME~1\chaton\APPLIC~1\Macromedia
[21/10/2008|13:28] C:\DOCUME~1\chaton\APPLIC~1\Malwarebytes
[19/11/2008|19:44] C:\DOCUME~1\chaton\APPLIC~1\Microsoft
[26/11/2008|09:48] C:\DOCUME~1\chaton\APPLIC~1\Mozilla
[01/12/2008|19:04] C:\DOCUME~1\chaton\APPLIC~1\MSNInstaller
[24/07/2005|18:14] C:\DOCUME~1\chaton\APPLIC~1\Nikon
[09/12/2008|16:22] C:\DOCUME~1\chaton\APPLIC~1\Roxio
[03/11/2008|16:26] C:\DOCUME~1\chaton\APPLIC~1\Skype
[03/11/2008|15:00] C:\DOCUME~1\chaton\APPLIC~1\skypePM
[14/10/2007|17:03] C:\DOCUME~1\chaton\APPLIC~1\SlySoft
[19/07/2005|10:53] C:\DOCUME~1\chaton\APPLIC~1\Sonic
[11/07/2005|18:55] C:\DOCUME~1\chaton\APPLIC~1\Sun
[19/07/2005|10:39] C:\DOCUME~1\chaton\APPLIC~1\Symantec
[19/10/2008|18:24] C:\DOCUME~1\chaton\APPLIC~1\TmpRecentIcons
[26/11/2008|21:53] C:\DOCUME~1\chaton\APPLIC~1\uTorrent
[23/11/2008|22:36] C:\DOCUME~1\chaton\APPLIC~1\vlc
[23/03/2008|16:45] C:\DOCUME~1\chaton\APPLIC~1\WinRAR
[30/03/2006|12:22] C:\DOCUME~1\chaton\APPLIC~1\WIS
[19/08/2004|13:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[11/07/2005|18:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[11/07/2005|19:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
[19/08/2004|13:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/07/2005|18:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[11/07/2005|19:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[20/10/2008|08:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/04/2008|19:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio
[05/03/2007|09:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec
[20/10/2008|08:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[22/07/2005|13:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[11/12/2008 11:42][--ah-----] C:\WINDOWS\tasks\AFDD967291A20756.job
[11/12/2008 21:16][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[11/12/2008 21:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
( AFDD967291A20756.job )=( c:\docume~1\chaton\applic~1\blah1~1\Baseextra32.exe )
--------------------\\ Listing des dossiers dans C:\Program Files
[24/11/2008|17:32] C:\Program Files\7-Zip
[26/12/2007|20:13] C:\Program Files\Abigs
[21/09/2008|13:05] C:\Program Files\Adobe
[11/07/2005|18:58] C:\Program Files\Apoint
[24/07/2005|18:09] C:\Program Files\ArcSoft
[11/07/2005|18:56] C:\Program Files\ATI Technologies
[09/04/2006|19:49] C:\Program Files\Auralog
[19/10/2008|17:08] C:\Program Files\AVG
[26/11/2008|21:03] C:\Program Files\Bit Che
[12/03/2006|08:33] C:\Program Files\BrevierPALM
[11/07/2005|18:59] C:\Program Files\Broadcom
[04/10/2005|13:53] C:\Program Files\Brother
[22/10/2008|08:41] C:\Program Files\CCleaner
[04/02/2008|11:01] C:\Program Files\Citrix
[09/12/2008|21:47] C:\Program Files\CleanUp!
[04/10/2005|13:53] C:\Program Files\Common Files
[19/08/2004|13:15] C:\Program Files\ComPlus Applications
[11/07/2005|18:42] C:\Program Files\CONEXANT
[11/07/2005|18:59] C:\Program Files\CyberLink
[11/07/2005|19:03] C:\Program Files\Dell
[11/07/2005|18:57] C:\Program Files\Digital Line Detect
[11/11/2007|18:17] C:\Program Files\DivX
[19/04/2006|13:49] C:\Program Files\Documed AG
[10/01/2007|09:45] C:\Program Files\Documents To Go
[12/04/2006|09:56] C:\Program Files\Elaborate Bytes
[11/04/2008|09:30] C:\Program Files\eMule
[23/11/2007|11:29] C:\Program Files\Extra Film Digitorder
[20/11/2008|10:21] C:\Program Files\ExtraFilm Designer EFCH French
[09/12/2008|21:42] C:\Program Files\Fichiers communs
[05/03/2007|11:03] C:\Program Files\FotoStation Easy
[18/03/2008|15:04] C:\Program Files\GeTax2005
[18/03/2008|15:05] C:\Program Files\GeTax2006
[07/02/2008|20:16] C:\Program Files\GeTaxPP2007
[25/10/2008|17:14] C:\Program Files\Google
[11/12/2008|21:10] C:\Program Files\Hijackthis Version Française
[31/10/2008|14:14] C:\Program Files\InstallShield Installation Information
[11/07/2005|18:56] C:\Program Files\Intel
[11/07/2005|18:57] C:\Program Files\Intel, Inc
[11/11/2007|18:35] C:\Program Files\InterActual
[17/10/2008|08:44] C:\Program Files\Internet Explorer
[04/11/2007|23:08] C:\Program Files\Jasc Software Inc
[28/11/2008|20:34] C:\Program Files\Java
[09/12/2008|21:44] C:\Program Files\Lavasoft
[24/09/2005|10:29] C:\Program Files\Logitech
[10/12/2008|00:19] C:\Program Files\Malwarebytes' Anti-Malware
[21/10/2008|16:44] C:\Program Files\Messenger
[19/08/2004|13:18] C:\Program Files\microsoft frontpage
[19/11/2008|19:43] C:\Program Files\Microsoft Office
[11/07/2005|19:01] C:\Program Files\Microsoft Visual Studio
[11/07/2005|19:09] C:\Program Files\Microsoft Works
[11/07/2005|19:01] C:\Program Files\Microsoft.NET
[22/04/2008|16:28] C:\Program Files\Mindscape
[11/07/2005|18:57] C:\Program Files\Modem Helper
[21/10/2008|16:38] C:\Program Files\Movie Maker
[11/12/2008|19:45] C:\Program Files\Mozilla Firefox
[19/11/2008|19:42] C:\Program Files\MSECACHE
[01/12/2008|19:04] C:\Program Files\MSN
[19/08/2004|13:14] C:\Program Files\MSN Gaming Zone
[09/10/2007|15:54] C:\Program Files\MSN Messenger
[17/11/2006|08:51] C:\Program Files\MSXML 4.0
[21/10/2008|16:34] C:\Program Files\NetMeeting
[11/07/2005|18:57] C:\Program Files\NetWaiting
[24/07/2005|18:11] C:\Program Files\Nikon
[09/11/2007|20:19] C:\Program Files\Nouveau dossier
[19/08/2004|13:15] C:\Program Files\Online Services
[21/10/2008|16:34] C:\Program Files\Outlook Express
[22/10/2008|09:34] C:\Program Files\Palm
[20/05/2006|23:52] C:\Program Files\QuickTime
[22/10/2008|08:56] C:\Program Files\RegCleaner
[11/11/2007|18:32] C:\Program Files\Roxio
[04/10/2005|13:51] C:\Program Files\ScanSoft
[19/08/2004|13:16] C:\Program Files\Services en ligne
[11/11/2007|18:27] C:\Program Files\SightSpeed
[11/07/2005|18:43] C:\Program Files\Sigmatel
[23/04/2008|19:56] C:\Program Files\Skype
[12/04/2006|09:53] C:\Program Files\SlySoft
[04/11/2007|23:10] C:\Program Files\Sonic
[16/10/2005|15:05] C:\Program Files\Sony Corporation
[09/12/2008|21:53] C:\Program Files\Spybot - Search & Destroy
[19/08/2004|13:24] C:\Program Files\Uninstall Information
[06/11/2007|20:25] C:\Program Files\uTorrent
[23/11/2008|22:33] C:\Program Files\VideoLAN
[26/11/2008|21:45] C:\Program Files\Vuze
[04/11/2007|23:16] C:\Program Files\Windows Installer Clean Up
[23/03/2008|16:09] C:\Program Files\Windows Media Connect 2
[21/10/2008|16:34] C:\Program Files\Windows Media Player
[21/10/2008|16:34] C:\Program Files\Windows NT
[19/08/2004|13:16] C:\Program Files\WindowsUpdate
[18/03/2008|15:02] C:\Program Files\WistitiSoft
[19/08/2004|13:18] C:\Program Files\xerox
[18/03/2008|15:03] C:\Program Files\Yahoo!
[27/03/2006|14:45] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[20/11/2008|14:51] C:\Program Files\Fichiers communs\Adobe
[12/04/2006|10:05] C:\Program Files\Fichiers communs\Adobe Systems Shared
[11/07/2005|19:01] C:\Program Files\Fichiers communs\DESIGNER
[24/09/2005|10:29] C:\Program Files\Fichiers communs\FotoWire
[04/10/2005|13:53] C:\Program Files\Fichiers communs\InstallShield
[11/07/2005|18:54] C:\Program Files\Fichiers communs\Java
[24/09/2005|10:28] C:\Program Files\Fichiers communs\Logitech
[19/11/2008|19:43] C:\Program Files\Fichiers communs\Microsoft Shared
[19/08/2004|13:16] C:\Program Files\Fichiers communs\MSSoap
[16/10/2005|15:05] C:\Program Files\Fichiers communs\muvee Technologies
[05/11/2007|19:41] C:\Program Files\Fichiers communs\Nikon
[19/08/2004|13:10] C:\Program Files\Fichiers communs\ODBC
[11/11/2007|18:25] C:\Program Files\Fichiers communs\Roxio Shared
[04/10/2005|13:51] C:\Program Files\Fichiers communs\ScanSoft Shared
[19/08/2004|13:16] C:\Program Files\Fichiers communs\Services
[11/11/2007|18:22] C:\Program Files\Fichiers communs\SightSpeed
[23/04/2008|19:56] C:\Program Files\Fichiers communs\Skype
[11/11/2007|18:30] C:\Program Files\Fichiers communs\Sonic Shared
[19/08/2004|13:10] C:\Program Files\Fichiers communs\SpeechEngines
[11/11/2007|18:30] C:\Program Files\Fichiers communs\SureThing Shared
[20/10/2008|14:46] C:\Program Files\Fichiers communs\Symantec Shared
[21/10/2008|16:34] C:\Program Files\Fichiers communs\System
[11/07/2005|19:02] C:\Program Files\Fichiers communs\TiVo Shared
[09/12/2008|21:42] C:\Program Files\Fichiers communs\Wise Installation Wizard
--------------------\\ Process
( 71 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\WINDOWS\Tasks\AFDD967291A20756.job
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net Rootkit scan 2008-12-11 21:20:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]
--------------------\\ Suspect ..
C:\WINDOWS\system32\TDSSlrvd.dat
[F:4][D:2]-> C:\DOCUME~1\chaton\LOCALS~1\Temp
[F:7][D:0]-> C:\DOCUME~1\chaton\Cookies
[F:14][D:4]-> C:\DOCUME~1\chaton\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 10/12/2008|21:54 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/12/2008|21:20 - Option : [2]
--------------------\\ Fin du rapport a 21:20:59
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1456
Windows 5.1.2600 Service Pack 3
10/12/2008 00:33:46
mbam-log-2008-12-10 (00-33-46).txt
Type de recherche: Examen rapide
Eléments examinés: 55321
Temps écoulé: 7 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nasiliyu.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85117282-fa91-4b9c-ae9b-ed5d68199cce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{85117282-fa91-4b9c-ae9b-ed5d68199cce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{85117282-fa91-4b9c-ae9b-ed5d68199cce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wonekoviye (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5f5754f7 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nasiliyu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nasiliyu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\nasiliyu.dll -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\bufesine.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nasiliyu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\letuyami.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Logfile of HijackThis v1.99.1
Scan saved at 22:57:06, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ELAN.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\system32\ELAN.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/_plateforme/Upload ... ader35.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
VundoFix V7.0.6
Scan started at 21:26:58 11/12/2008
Listing files found while scanning....
No infected files were found.