Hactool.rootkit .. I'm infected too!!
Gilou
-
jlpjlp Posts 52399 Status Security contributor -
Hello,
The family PC has been crawling for a few days now .. and no matter what we do, we still have this virus on our hands. So I went on the forum and ran HijackThis, and here is what it tells me.
Could you tell me what to do next?
Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 12:28:24, on 02/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\system.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Defenza\pcd-as.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\DOCUME~1\BENEDI~1\LOCALS~1\Temp\ARC19\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\system.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
9 replies
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
guide: http://site-naheulbeuk.com/
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to begin the cleanup process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum
______________________________
update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
_______________________________
Download from here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by andom/random, and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
When the scan is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).
NB: The reports are saved in the folder C:\rsit
ok, you've had defenza on your computer for a while now!!! it's a rogue (spyware)
To merge:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
_______________
download combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
_________________
Close all your browsers (so copy or print the instructions beforehand)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\Program Files\Defenza\pcd-as.exe
C:\WINDOWS\system32\Machnm1.exe
C:\Program Files\Defenza
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCDAS"=-
Save this file under the name CFscript
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon covers the Combofix icon. Release the mouse. Combofix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it can be found here > C:\ComboFix.txt
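The log-reading step behind the reply above, as an added example (not part of the original posts, and not how HijackThis or ComboFix work internally): it parses a few lines copied from the HijackThis log in this thread, lists the entries worth a manual look, and expands the HKLM\..\Run shorthand to the full key that the CFScript names. The function names, the reason labels, the watchlist parameter and the assumption that Windows lives in C:\WINDOWS are choices made for this example.

```python
import re

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
# O4 body: hive, key (Run, RunOnce, ...), value name, command line
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# Assumption: Windows is installed in C:\WINDOWS, as in the posted log.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_entries(log):
    """Return (code, body) pairs for the numbered HijackThis lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def userinit_extras(body):
    """Programs chained onto the Winlogon Userinit value besides userinit.exe."""
    m = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    paths = [p.strip() for p in m.group(1).split(",") if p.strip()]
    # Compare the full path, so a userinit.exe in another folder is also listed.
    return [p for p in paths if p.lower() != EXPECTED_USERINIT]


def full_run_key(hive, key):
    """Expand the '..' shorthand used in O4 lines to the full registry path."""
    return r"%s\Software\Microsoft\Windows\CurrentVersion\%s" % (
        HIVES.get(hive, hive), key)


def triage(log, watchlist):
    """Return (code, reason, detail) tuples for entries to review by hand.

    watchlist: substrings an analyst already considers unwanted,
    matched case-insensitively against O4 command lines.
    """
    findings = []
    for code, body in parse_entries(log):
        if code == "F2":
            for extra in userinit_extras(body):
                findings.append((code, "userinit-extra", extra))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and any(w.lower() in m.group(4).lower() for w in watchlist):
                detail = '[%s] "%s"' % (full_run_key(m.group(1), m.group(2)),
                                        m.group(3))
                findings.append((code, "run-watchlist", detail))
        elif code == "O23" and "- Unknown owner -" in body:
            findings.append((code, "unknown-owner", body))
        if body.endswith("(file missing)"):
            findings.append((code, "file-missing", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG, ["defenza"]):
        print("%-4s %-15s %s" % (code, reason, detail))
```

A listed entry is only a pointer for manual review: a missing file or an unknown service owner is often harmless, and the watchlist contains only what the analyst puts in it.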
Here is the Combofix report
ComboFix 09-03-01.01 - benedicte 2009-03-02 13:57:44.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.156 [GMT 1:00]
Lancé depuis: c:\documents and settings\benedicte\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\benedicte\Bureau\CFscript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
c:\program files\Defenza
c:\program files\Defenza\pcd-as.exe
c:\windows\system32\Machnm1.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Defenza\pcd-as.exe
c:\windows\system32\_004559_.tmp.dll
c:\windows\system32\_004560_.tmp.dll
c:\windows\system32\_004561_.tmp.dll
c:\windows\system32\_004562_.tmp.dll
c:\windows\system32\_004569_.tmp.dll
c:\windows\system32\_004570_.tmp.dll
c:\windows\system32\_004571_.tmp.dll
c:\windows\system32\_004572_.tmp.dll
c:\windows\system32\_004574_.tmp.dll
c:\windows\system32\_004575_.tmp.dll
c:\windows\system32\_004578_.tmp.dll
c:\windows\system32\_004579_.tmp.dll
c:\windows\system32\_004581_.tmp.dll
c:\windows\system32\_004582_.tmp.dll
c:\windows\system32\_004583_.tmp.dll
c:\windows\system32\_004585_.tmp.dll
c:\windows\system32\_004588_.tmp.dll
c:\windows\system32\_004589_.tmp.dll
c:\windows\system32\_004593_.tmp.dll
c:\windows\system32\_004594_.tmp.dll
c:\windows\system32\_004596_.tmp.dll
c:\windows\system32\_004599_.tmp.dll
c:\windows\system32\_004601_.tmp.dll
c:\windows\system32\_004602_.tmp.dll
c:\windows\system32\_004603_.tmp.dll
c:\windows\system32\_004604_.tmp.dll
c:\windows\system32\_004605_.tmp.dll
c:\windows\system32\_004608_.tmp.dll
c:\windows\system32\_004609_.tmp.dll
c:\windows\system32\_004610_.tmp.dll
c:\windows\system32\_004611_.tmp.dll
c:\windows\system32\_004612_.tmp.dll
c:\windows\system32\_004617_.tmp.dll
c:\windows\system32\[u]0/u40.exe
c:\windows\system32\Machnm1.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 ))))))))))))))))))))))))))))))))))))
.
2009-03-02 13:14 . 2009-03-02 13:15 <REP> d-------- C:\rsit
2009-03-02 13:14 . 2009-03-02 13:15 <REP> d-------- c:\program files\trend micro
2009-03-02 12:52 . 2009-03-02 12:52 578,048 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-03-02 12:50 . 2009-03-02 12:50 <REP> d-------- c:\windows\ERUNT
2009-03-02 12:43 . 2009-03-02 13:04 <REP> d-------- C:\SDFix
2009-03-01 23:59 . 2009-03-02 13:57 <REP> d-------- c:\program files\Defenza
2009-03-01 23:59 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2009-03-01 23:59 . 2009-03-01 23:59 3,120 --a------ c:\windows\system32\118290.54
2009-03-01 23:59 . 2009-03-01 23:59 3,120 --a------ c:\windows\118294.78
2009-03-01 23:59 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2009-03-01 23:15 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-01 23:14 . 2009-03-01 23:14 <REP> d-------- c:\program files\Panda Security
2009-02-28 11:53 . 2009-02-28 11:53 <REP> dr------- c:\documents and settings\LocalService\Favoris
2009-02-27 11:21 . 2009-02-27 11:21 <REP> d-------- c:\windows\system32\fr
2009-02-27 11:21 . 2009-02-27 11:21 <REP> d-------- c:\windows\system32\bits
2009-02-27 11:21 . 2009-02-27 11:21 <REP> d-------- c:\windows\l2schemas
2009-02-27 11:18 . 2009-02-27 11:21 <REP> d-------- c:\windows\ServicePackFiles
2009-02-24 19:28 . 2009-02-24 19:28 <REP> d-------- c:\program files\MSXML 6.0
2009-02-24 10:31 . 2004-08-04 00:38 327,168 --------- c:\windows\system32\drivers\ati2mtaa.sys
2009-02-24 10:06 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-24 10:06 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-24 10:06 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-24 10:06 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-24 10:06 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-24 10:06 . 2008-06-14 18:33 272,768 --------- c:\windows\system32\drivers\bthport.sys
2009-02-24 10:06 . 2008-06-14 18:33 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-24 10:05 . 2008-12-12 18:02 3,088,896 --------- c:\windows\system32\SET1483.tmp
2009-02-24 10:05 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-24 10:05 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-24 10:05 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-24 10:04 . 2008-10-16 02:01 3,088,896 --------- c:\windows\system32\SET1471.tmp
2009-02-24 10:04 . 2008-12-12 18:02 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-02-24 10:04 . 2008-10-16 02:01 1,499,648 --------- c:\windows\system32\SET1470.tmp
2009-02-24 10:04 . 2008-10-16 02:01 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-02-24 10:04 . 2008-04-11 20:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-24 10:04 . 2008-10-16 02:01 670,208 --------- c:\windows\system32\SET146E.tmp
2009-02-24 10:04 . 2008-10-16 02:01 670,208 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-02-24 10:04 . 2008-10-16 02:01 620,544 --------- c:\windows\system32\SET146F.tmp
2009-02-24 10:04 . 2008-10-16 02:01 620,544 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-02-24 10:00 . 2009-02-27 15:13 <REP> d--h----- c:\windows\$hf_mig$
2009-02-24 10:00 . 2008-09-04 18:16 1,106,944 --a------ c:\windows\system32\SET144C.tmp
2009-02-24 10:00 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\SET1479.tmp
2009-02-24 10:00 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-16 18:59 . 2009-02-27 19:30 3 --a------ c:\windows\switch.inf
2009-02-08 01:11 . 2009-02-08 01:12 21,637 --a------ c:\windows\system32\16.scr
2009-02-06 17:55 . 2009-02-06 17:55 <REP> d-------- c:\documents and settings\benedicte\Application Data\dvdcss
2009-02-06 17:42 . 2009-02-06 17:42 <REP> d-------- c:\program files\Zinf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 12:55 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-01 22:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 22:59 --------- d-----w c:\program files\Fichiers communs\InstallShield
2009-01-26 12:31 --------- d-----w c:\documents and settings\benedicte\Application Data\Canneverbe_Limited
2009-01-26 12:30 --------- d-----w c:\program files\CDBurnerXP
2009-01-26 12:25 --------- d-----w c:\program files\MSBuild
2009-01-26 12:21 --------- d-----w c:\program files\Reference Assemblies
2009-01-26 12:01 --------- d-----w c:\program files\Real
2009-01-26 12:01 --------- d-----w c:\program files\Fichiers communs\xing shared
2009-01-26 12:01 --------- d-----w c:\program files\Fichiers communs\Real
2009-01-26 11:53 --------- d-----w c:\documents and settings\benedicte\Application Data\vlc
2009-01-26 11:52 --------- d-----w c:\program files\VideoLAN
2009-01-26 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-26 08:33 --------- d-----w c:\documents and settings\benedicte\Application Data\OpenOffice.org
2009-01-26 08:31 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-26 08:27 --------- d-----w c:\program files\IZArc
2009-01-22 12:02 --------- d-----w c:\program files\Analog Devices
2009-01-21 10:04 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-21 10:04 8,014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-21 10:04 48,768 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-21 10:04 110,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-21 10:04 --------- d-----w c:\program files\Symantec
2009-01-21 10:04 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-21 10:04 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-21 09:46 --------- d-----w c:\program files\microsoft frontpage
2009-01-21 09:45 --------- d-----w c:\program files\Services en ligne
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-05-04 126000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-26 185872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2003-05-30 09:42 585728 c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2003-05-29 16:28 790528 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-01-26 13:01 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-01 28544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-05-04 119856]
.
.
------- Examen supplémentaire -------
.
FF - ProfilePath - c:\documents and settings\benedicte\Application Data\Mozilla\Firefox\Profiles\yjgspbot.default\
FF - prefs.js: browser.startup.homepage - google.fr
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 13:59:07
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-03-02 14:00:01
ComboFix-quarantined-files.txt 2009-03-02 12:59:58
Avant-CF: 191 085 682 688 octets libres
Après-CF: 191,079,092,224 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
187 --- E O F --- 2009-02-27 15:59:29
2009-02-24 10:00 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-16 18:59 . 2009-02-27 19:30 3 --a------ c:\windows\switch.inf
2009-02-08 01:11 . 2009-02-08 01:12 21,637 --a------ c:\windows\system32\16.scr
2009-02-06 17:55 . 2009-02-06 17:55 <REP> d-------- c:\documents and settings\benedicte\Application Data\dvdcss
2009-02-06 17:42 . 2009-02-06 17:42 <REP> d-------- c:\program files\Zinf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 12:55 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-01 22:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 22:59 --------- d-----w c:\program files\Fichiers communs\InstallShield
2009-01-26 12:31 --------- d-----w c:\documents and settings\benedicte\Application Data\Canneverbe_Limited
2009-01-26 12:30 --------- d-----w c:\program files\CDBurnerXP
2009-01-26 12:25 --------- d-----w c:\program files\MSBuild
2009-01-26 12:21 --------- d-----w c:\program files\Reference Assemblies
2009-01-26 12:01 --------- d-----w c:\program files\Real
2009-01-26 12:01 --------- d-----w c:\program files\Fichiers communs\xing shared
2009-01-26 12:01 --------- d-----w c:\program files\Fichiers communs\Real
2009-01-26 11:53 --------- d-----w c:\documents and settings\benedicte\Application Data\vlc
2009-01-26 11:52 --------- d-----w c:\program files\VideoLAN
2009-01-26 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-26 08:33 --------- d-----w c:\documents and settings\benedicte\Application Data\OpenOffice.org
2009-01-26 08:31 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-26 08:27 --------- d-----w c:\program files\IZArc
2009-01-22 12:02 --------- d-----w c:\program files\Analog Devices
2009-01-21 10:04 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-21 10:04 8,014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-21 10:04 48,768 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-21 10:04 110,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-21 10:04 --------- d-----w c:\program files\Symantec
2009-01-21 10:04 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-21 10:04 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-21 09:46 --------- d-----w c:\program files\microsoft frontpage
2009-01-21 09:45 --------- d-----w c:\program files\Services en ligne
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-05-04 126000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-26 185872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2003-05-30 09:42 585728 c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2003-05-29 16:28 790528 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-01-26 13:01 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-01 28544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-05-04 119856]
.
.
------- Examen supplémentaire -------
.
FF - ProfilePath - c:\documents and settings\benedicte\Application Data\Mozilla\Firefox\Profiles\yjgspbot.default\
FF - prefs.js: browser.startup.homepage - google.fr
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 13:59:07
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-03-02 14:00:01
ComboFix-quarantined-files.txt 2009-03-02 12:59:58
Avant-CF: 191 085 682 688 octets libres
Après-CF: 191,079,092,224 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
187 --- E O F --- 2009-02-27 15:59:29
Close all your browsers (so copy or print these instructions first).
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
c:\program files\Defenza
c:\windows\system32\Machnm64.sys
c:\windows\system32\118290.54
c:\windows\118294.78
c:\windows\system32\Machnm32.sys
Save this file under the name CFscript
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it can be found here > C:\ComboFix.txt
New ComboFix report
ComboFix 09-03-01.01 - benedicte 2009-03-02 14:25:37.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.176 [GMT 1:00]
Lancé depuis: c:\documents and settings\benedicte\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\benedicte\Bureau\CFscript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
c:\program files\Defenza
c:\windows\118294.78
c:\windows\system32\118290.54
c:\windows\system32\Machnm32.sys
c:\windows\system32\Machnm64.sys
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\118294.78
c:\windows\system32\118290.54
c:\windows\system32\Machnm32.sys
c:\windows\system32\Machnm64.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 ))))))))))))))))))))))))))))))))))))
.
2009-03-02 13:14 . 2009-03-02 13:15 <REP> d-------- C:\rsit
2009-03-02 13:14 . 2009-03-02 13:15 <REP> d-------- c:\program files\trend micro
2009-03-02 12:52 . 2009-03-02 12:52 578,048 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-03-02 12:50 . 2009-03-02 12:50 <REP> d-------- c:\windows\ERUNT
2009-03-02 12:43 . 2009-03-02 13:04 <REP> d-------- C:\SDFix
2009-03-01 23:59 . 2009-03-02 13:57 <REP> d-------- c:\program files\Defenza
2009-03-01 23:15 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-01 23:14 . 2009-03-01 23:14 <REP> d-------- c:\program files\Panda Security
2009-02-28 11:53 . 2009-02-28 11:53 <REP> dr------- c:\documents and settings\LocalService\Favoris
2009-02-27 11:21 . 2009-02-27 11:21 <REP> d-------- c:\windows\system32\fr
2009-02-27 11:21 . 2009-02-27 11:21 <REP> d-------- c:\windows\system32\bits
2009-02-27 11:21 . 2009-02-27 11:21 <REP> d-------- c:\windows\l2schemas
2009-02-27 11:18 . 2009-02-27 11:21 <REP> d-------- c:\windows\ServicePackFiles
2009-02-24 19:28 . 2009-02-24 19:28 <REP> d-------- c:\program files\MSXML 6.0
2009-02-24 10:31 . 2004-08-04 00:38 327,168 --------- c:\windows\system32\drivers\ati2mtaa.sys
2009-02-24 10:06 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-24 10:06 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-24 10:06 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-24 10:06 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-24 10:06 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-24 10:06 . 2008-06-14 18:33 272,768 --------- c:\windows\system32\drivers\bthport.sys
2009-02-24 10:06 . 2008-06-14 18:33 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-24 10:05 . 2008-12-12 18:02 3,088,896 --------- c:\windows\system32\SET1483.tmp
2009-02-24 10:05 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-24 10:05 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-24 10:05 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-24 10:04 . 2008-10-16 02:01 3,088,896 --------- c:\windows\system32\SET1471.tmp
2009-02-24 10:04 . 2008-12-12 18:02 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-02-24 10:04 . 2008-10-16 02:01 1,499,648 --------- c:\windows\system32\SET1470.tmp
2009-02-24 10:04 . 2008-10-16 02:01 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-02-24 10:04 . 2008-04-11 20:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-24 10:04 . 2008-10-16 02:01 670,208 --------- c:\windows\system32\SET146E.tmp
2009-02-24 10:04 . 2008-10-16 02:01 670,208 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-02-24 10:04 . 2008-10-16 02:01 620,544 --------- c:\windows\system32\SET146F.tmp
2009-02-24 10:04 . 2008-10-16 02:01 620,544 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-02-24 10:00 . 2009-02-27 15:13 <REP> d--h----- c:\windows\$hf_mig$
2009-02-24 10:00 . 2008-09-04 18:16 1,106,944 --a------ c:\windows\system32\SET144C.tmp
2009-02-24 10:00 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\SET1479.tmp
2009-02-24 10:00 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-16 18:59 . 2009-02-27 19:30 3 --a------ c:\windows\switch.inf
2009-02-08 01:11 . 2009-02-08 01:12 21,637 --a------ c:\windows\system32\16.scr
2009-02-06 17:55 . 2009-02-06 17:55 <REP> d-------- c:\documents and settings\benedicte\Application Data\dvdcss
2009-02-06 17:42 . 2009-02-06 17:42 <REP> d-------- c:\program files\Zinf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 13:24 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-01 22:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 22:59 --------- d-----w c:\program files\Fichiers communs\InstallShield
2009-01-26 12:31 --------- d-----w c:\documents and settings\benedicte\Application Data\Canneverbe_Limited
2009-01-26 12:30 --------- d-----w c:\program files\CDBurnerXP
2009-01-26 12:25 --------- d-----w c:\program files\MSBuild
2009-01-26 12:21 --------- d-----w c:\program files\Reference Assemblies
2009-01-26 12:01 --------- d-----w c:\program files\Real
2009-01-26 12:01 --------- d-----w c:\program files\Fichiers communs\xing shared
2009-01-26 12:01 --------- d-----w c:\program files\Fichiers communs\Real
2009-01-26 11:53 --------- d-----w c:\documents and settings\benedicte\Application Data\vlc
2009-01-26 11:52 --------- d-----w c:\program files\VideoLAN
2009-01-26 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-26 08:33 --------- d-----w c:\documents and settings\benedicte\Application Data\OpenOffice.org
2009-01-26 08:31 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-26 08:27 --------- d-----w c:\program files\IZArc
2009-01-22 12:02 --------- d-----w c:\program files\Analog Devices
2009-01-21 10:04 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-21 10:04 8,014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-21 10:04 48,768 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-21 10:04 110,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-21 10:04 --------- d-----w c:\program files\Symantec
2009-01-21 10:04 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-21 10:04 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-21 09:46 --------- d-----w c:\program files\microsoft frontpage
2009-01-21 09:45 --------- d-----w c:\program files\Services en ligne
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-05-04 126000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-26 185872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2003-05-30 09:42 585728 c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2003-05-29 16:28 790528 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-01-26 13:01 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-01 28544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-05-04 119856]
.
.
------- Examen supplémentaire -------
.
FF - ProfilePath - c:\documents and settings\benedicte\Application Data\Mozilla\Firefox\Profiles\yjgspbot.default\
FF - prefs.js: browser.startup.homepage - google.fr
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 14:27:01
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-03-02 14:27:55
ComboFix-quarantined-files.txt 2009-03-02 13:27:52
ComboFix2.txt 2009-03-02 13:00:02
Avant-CF: 191 082 639 360 octets libres
Après-CF: 191,070,781,440 octets libres
147 --- E O F --- 2009-02-27 15:59:29
quick scan with
Malwarebytes' Anti-Malware after updating it, in normal mode; remove whatever is found and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_______
post a new RSIT report and describe your current problems
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1814
Windows 5.1.2600 Service Pack 3
02/03/2009 15:39:39
mbam-log-2009-03-02 (15-39-39).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 156401
Temps écoulé: 41 minute(s), 46 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Thanks for everything!!
One last question: how can I keep this from happening again??
See you soon!?
Logfile of random's system information tool 1.05 (written by random/random)
Run by benedicte at 2009-03-02 15:51:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 182 GB (62%) free of 295 GB
Total RAM: 511 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:19, on 02/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\benedicte\Bureau\RSIT.exe
C:\Program Files\trend micro\benedicte.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Delete the Defenza file if it is present, by going to My Computer and then to
C:\Program Files\Defenza
___________________
Update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
___________________
Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click on Recherche (Search) and let the scan run ...
# Click on Suppression (Removal) to finish.
# If you wish, you can use the Options facultatives (optional settings).
# Click on Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
_____________________
To verify:
paste the report from an online scan
run with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\SDFIX: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\benedicte\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\benedicte\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\benedicte\Bureau\Rsit.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
Corbeille vidée!
Fichiers temporaires nettoyés !
---------------------------------
-->- Suppression:
C:\Documents and Settings\benedicte\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\benedicte\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\benedicte\Bureau\Rsit.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\Rsit: supprimé !
OK, delete ComboFix manually from your desktop and paste the online scan.
Statistics
Time: 00:58:21
Files: 346836
Folders: 7501
Boot Sectors: 0
Archives: 8946
Packed Files: 10933
Results
Identified Viruses: 8
Infected Files: 84
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 137
Engines Info
Virus Definitions: 2699793
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Backups\backups.zip=>backups/734.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\Backups\backups.zip=>backups/734.exe
Disinfection failed
C:\Backups\backups.zip=>backups/734.exe
Deleted
C:\Backups\backups.zip
Updated
C:\Backups\backups.zip=>backups/system.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\Backups\backups.zip=>backups/system.exe
Disinfection failed
C:\Backups\backups.zip=>backups/system.exe
Deleted
C:\Backups\backups.zip
Updated
C:\Backups\HOSTS
Infected with: Trojan.QHosts.ASH
C:\Backups\HOSTS
Disinfection failed
C:\Backups\HOSTS
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00840000\49AFA9A7.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00840000\49AFA9A7.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00840000\49AFA9A7.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04D00000\4DFB8613.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04D00000\4DFB8613.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04D00000\4DFB8613.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800001\4FABEC7D.VBN=>(Quarantine-PE)
Infected with: Backdoor.Agent.AADH
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800001\4FABEC7D.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800001\4FABEC7D.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800002\4FABEC8A.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.40639C8A8A
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800002\4FABEC8A.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800002\4FABEC8A.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800002\4FABEC8A.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800003\4FABEC96.VBN=>(Quarantine-PE)
Detected with: Dialer.Generic.38047
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800003\4FABEC96.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800003\4FABEC96.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800003\4FABEC96.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800005\4FABECAF.VBN=>(Quarantine-PE)
Detected with: Dialer.Generic.38047
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800005\4FABECAF.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800005\4FABECAF.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800005\4FABECAF.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800006\4FABECBB.VBN=>(Quarantine-PE)
Detected with: Dialer.Generic.38047
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800006\4FABECBB.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800006\4FABECBB.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800006\4FABECBB.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800007\4FABECC7.VBN=>(Quarantine-PE)
Detected with: Dialer.Generic.38047
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800007\4FABECC7.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800007\4FABECC7.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800007\4FABECC7.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000B\4FABECFE.VBN=>(Quarantine-PE)
Detected with: Dialer.Generic.38047
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000B\4FABECFE.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000B\4FABECFE.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000B\4FABECFE.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000D\4FABED1B.VBN=>(Quarantine-PE)
Infected with: Trojan.Delf.Inject.Z
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000D\4FABED1B.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000D\4FABED1B.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000D\4FABED1B.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09B40000\49BCA725.VBN=>(Quarantine-PE)
Infected with: Trojan.Peed.Gen
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09B40000\49BCA725.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09B40000\49BCA725.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09B40000\49BCA725.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09CC0000\49CF0D62.VBN=>(Quarantine-PE)
Infected with: Trojan.Peed.Gen
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09CC0000\49CF0D62.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09CC0000\49CF0D62.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09CC0000\49CF0D62.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4BAD14B9.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4BAD14B9.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4BAD14B9.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000\4BEEEBB6.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000\4BEEEBB6.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000\4BEEEBB6.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001\4BEEEBC9.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001\4BEEEBC9.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001\4BEEEBC9.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480000\4BE9941E.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480000\4BE9941E.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480000\4BE9941E.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480001\4BE9A2E4.VBN=>(Quarantine-PE)
Infected with: Trojan.Delf.Inject.Z
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480001\4BE9A2E4.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480001\4BE9A2E4.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480001\4BE9A2E4.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B600000\4BF74944.VBN=>(Quarantine-PE)
Infected with: Trojan.Peed.Gen
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B600000\4BF74944.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B600000\4BF74944.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B600000\4BF74944.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B680000\4BEBACE3.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B680000\4BEBACE3.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B680000\4BEBACE3.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000\4BEFBD3C.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000\4BEFBD3C.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000\4BEFBD3C.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000\4BFF0495.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000\4BFF0495.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000\4BFF0495.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040000\4DAFA881.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040000\4DAFA881.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040000\4DAFA881.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040001\4DAFA88C.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040001\4DAFA88C.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040001\4DAFA88C.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040002\4DAFA894.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040002\4DAFA894.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040002\4DAFA894.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040003\4DAFA89C.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040003\4DAFA89C.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040003\4DAFA89C.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0000\4DBF226B.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0000\4DBF226B.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0000\4DBF226B.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D200000\4DA91875.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D200000\4DA91875.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D200000\4DA91875.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000\4DF916B5.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000\4DF916B5.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000\4DF916B5.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0000\4DAE65E1.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0000\4DAE65E1.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0000\4DAE65E1.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF00000\4DF922C7.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF00000\4DF922C7.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF00000\4DF922C7.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140000\4FBD178A.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140000\4FBD178A.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140000\4FBD178A.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000\4FBD1105.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000\4FBD1105.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000\4FBD1105.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001\4FBD1118.VBN=>(Quarantine-PE)
Infected with: Trojan.Delf.Inject.Z
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001\4FBD1118.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001\4FBD1118.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001\4FBD1118.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0000\4FEFA7AB.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0000\4FEFA7AB.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0000\4FEFA7AB.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0001\4FEFA7B7.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0001\4FEFA7B7.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0001\4FEFA7B7.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0002\4FEFA7C2.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0002\4FEFA7C2.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0002\4FEFA7C2.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0003\4FEFA7CA.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0003\4FEFA7CA.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0003\4FEFA7CA.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0004\4FEFA7D4.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0004\4FEFA7D4.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0004\4FEFA7D4.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940009\4FBD1D80.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940009\4FBD1D80.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940009\4FBD1D80.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000A\4FBD1D86.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000A\4FBD1D86.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000A\4FBD1D86.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000B\4FBD1D8D.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000B\4FBD1D8D.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000B\4FBD1D8D.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000C\4FBD1D93.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000C\4FBD1D93.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000C\4FBD1D93.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000D\4FBD1D9A.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000D\4FBD1D9A.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000D\4FBD1D9A.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000E\4FBD1DA0.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000E\4FBD1DA0.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000E\4FBD1DA0.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000F\4FBD1DA7.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000F\4FBD1DA7.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000F\4FBD1DA7.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940010\4FBD1DAD.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940010\4FBD1DAD.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940010\4FBD1DAD.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940011\4FBD1DB4.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940011\4FBD1DB4.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940011\4FBD1DB4.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940014\4FBD210C.VBN=>(Quarantine-PE)
Infected with: Trojan.Delf.Inject.Z
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940014\4FBD210C.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940014\4FBD210C.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940014\4FBD210C.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940015\4FBD2156.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940015\4FBD2156.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940015\4FBD2156.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00000\4FFB8FA3.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00000\4FFB8FA3.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00000\4FFB8FA3.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F0C0000\4FAF9652.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F0C0000\4FAF9652.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F0C0000\4FAF9652.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F4C0000\4FEF878E.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F4C0000\4FEF878E.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F4C0000\4FEF878E.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940000\4FBF94E6.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940000\4FBF94E6.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940000\4FBF94E6.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FB80000\4FBBADFE.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FB80000\4FBBADFE.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FB80000\4FBBADFE.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40000\4FFFAD7E.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40000\4FFFAD7E.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40000\4FFFAD7E.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40001\4FFFAF02.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40001\4FFFAF02.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40001\4FFFAF02.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0000\4FFFAF9D.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0000\4FFFAF9D.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0000\4FFFAF9D.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0001\4FFFB43D.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0001\4FFFB43D.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0001\4FFFB43D.VBN
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001128.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001128.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001128.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001156.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001156.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001156.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001162.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001162.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001162.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001168.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001168.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001168.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001174.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001174.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001174.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001180.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001180.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001180.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001186.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001186.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001186.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001193.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001193.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001193.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001199.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001199.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001199.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001205.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001205.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001205.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002205.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002205.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002205.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002511.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002511.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002511.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002527.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002527.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002527.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002537.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002537.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002537.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP17\A0003537.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP17\A0003537.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP17\A0003537.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP19\A0006706.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP19\A0006706.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP19\A0006706.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP20\A0006863.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP20\A0006863.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP20\A0006863.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007139.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007139.exe
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007139.exe
Delete failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007141.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007141.exe
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007141.exe
Delete failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007145.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007145.exe
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007145.exe
Delete failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007147.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007147.exe
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007147.exe
Delete failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP23\A0007201.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP23\A0007201.exe
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP23\A0007201.exe
Delete failed
C:\WINDOWS\system32\drivers\etc\hosts.sam
Infected with: Trojan.QHosts.ASH
C:\WINDOWS\system32\drivers\etc\hosts.sam
Disinfection failed
C:\WINDOWS\system32\drivers\etc\hosts.sam
Deleted
Time: 00:58:21
Files: 346836
Folders: 7501
Boot Sectors: 0
Archives: 8946
Packed Files: 10933
Results
Identified Viruses: 8
Infected Files: 84
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 137
Engines Info
Virus Definitions: 2699793
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Backups\backups.zip=>backups/734.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\Backups\backups.zip=>backups/734.exe
Disinfection failed
C:\Backups\backups.zip=>backups/734.exe
Deleted
C:\Backups\backups.zip
Updated
C:\Backups\backups.zip=>backups/system.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\Backups\backups.zip=>backups/system.exe
Disinfection failed
C:\Backups\backups.zip=>backups/system.exe
Deleted
C:\Backups\backups.zip
Updated
C:\Backups\HOSTS
Infected with: Trojan.QHosts.ASH
C:\Backups\HOSTS
Disinfection failed
C:\Backups\HOSTS
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00840000\49AFA9A7.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00840000\49AFA9A7.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00840000\49AFA9A7.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04D00000\4DFB8613.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04D00000\4DFB8613.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04D00000\4DFB8613.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800001\4FABEC7D.VBN=>(Quarantine-PE)
Infected with: Backdoor.Agent.AADH
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800001\4FABEC7D.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800001\4FABEC7D.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800002\4FABEC8A.VBN=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.40639C8A8A
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800002\4FABEC8A.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800002\4FABEC8A.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800002\4FABEC8A.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800003\4FABEC96.VBN=>(Quarantine-PE)
Detected with: Dialer.Generic.38047
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800003\4FABEC96.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800003\4FABEC96.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800003\4FABEC96.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800005\4FABECAF.VBN=>(Quarantine-PE)
Detected with: Dialer.Generic.38047
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800005\4FABECAF.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800005\4FABECAF.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800005\4FABECAF.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800006\4FABECBB.VBN=>(Quarantine-PE)
Detected with: Dialer.Generic.38047
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800006\4FABECBB.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800006\4FABECBB.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800006\4FABECBB.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800007\4FABECC7.VBN=>(Quarantine-PE)
Detected with: Dialer.Generic.38047
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800007\4FABECC7.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800007\4FABECC7.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06800007\4FABECC7.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000B\4FABECFE.VBN=>(Quarantine-PE)
Detected with: Dialer.Generic.38047
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000B\4FABECFE.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000B\4FABECFE.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000B\4FABECFE.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000D\4FABED1B.VBN=>(Quarantine-PE)
Infected with: Trojan.Delf.Inject.Z
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000D\4FABED1B.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000D\4FABED1B.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0680000D\4FABED1B.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09B40000\49BCA725.VBN=>(Quarantine-PE)
Infected with: Trojan.Peed.Gen
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09B40000\49BCA725.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09B40000\49BCA725.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09B40000\49BCA725.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09CC0000\49CF0D62.VBN=>(Quarantine-PE)
Infected with: Trojan.Peed.Gen
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09CC0000\49CF0D62.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09CC0000\49CF0D62.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09CC0000\49CF0D62.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4BAD14B9.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4BAD14B9.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4BAD14B9.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000\4BEEEBB6.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000\4BEEEBB6.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000\4BEEEBB6.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001\4BEEEBC9.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001\4BEEEBC9.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001\4BEEEBC9.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480000\4BE9941E.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480000\4BE9941E.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480000\4BE9941E.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480001\4BE9A2E4.VBN=>(Quarantine-PE)
Infected with: Trojan.Delf.Inject.Z
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480001\4BE9A2E4.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480001\4BE9A2E4.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480001\4BE9A2E4.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B600000\4BF74944.VBN=>(Quarantine-PE)
Infected with: Trojan.Peed.Gen
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B600000\4BF74944.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B600000\4BF74944.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B600000\4BF74944.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B680000\4BEBACE3.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B680000\4BEBACE3.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B680000\4BEBACE3.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000\4BEFBD3C.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000\4BEFBD3C.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000\4BEFBD3C.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000\4BFF0495.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000\4BFF0495.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000\4BFF0495.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040000\4DAFA881.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040000\4DAFA881.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040000\4DAFA881.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040001\4DAFA88C.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040001\4DAFA88C.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040001\4DAFA88C.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040002\4DAFA894.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040002\4DAFA894.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040002\4DAFA894.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040003\4DAFA89C.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040003\4DAFA89C.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040003\4DAFA89C.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0000\4DBF226B.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0000\4DBF226B.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0000\4DBF226B.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D200000\4DA91875.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D200000\4DA91875.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D200000\4DA91875.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000\4DF916B5.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000\4DF916B5.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000\4DF916B5.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0000\4DAE65E1.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0000\4DAE65E1.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0000\4DAE65E1.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF00000\4DF922C7.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF00000\4DF922C7.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF00000\4DF922C7.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140000\4FBD178A.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140000\4FBD178A.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140000\4FBD178A.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000\4FBD1105.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000\4FBD1105.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000\4FBD1105.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001\4FBD1118.VBN=>(Quarantine-PE)
Infected with: Trojan.Delf.Inject.Z
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001\4FBD1118.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001\4FBD1118.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001\4FBD1118.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0000\4FEFA7AB.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0000\4FEFA7AB.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0000\4FEFA7AB.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0001\4FEFA7B7.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0001\4FEFA7B7.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0001\4FEFA7B7.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0002\4FEFA7C2.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0002\4FEFA7C2.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0002\4FEFA7C2.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0003\4FEFA7CA.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0003\4FEFA7CA.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0003\4FEFA7CA.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0004\4FEFA7D4.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0004\4FEFA7D4.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E6C0004\4FEFA7D4.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940009\4FBD1D80.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940009\4FBD1D80.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940009\4FBD1D80.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000A\4FBD1D86.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000A\4FBD1D86.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000A\4FBD1D86.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000B\4FBD1D8D.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000B\4FBD1D8D.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000B\4FBD1D8D.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000C\4FBD1D93.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000C\4FBD1D93.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000C\4FBD1D93.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000D\4FBD1D9A.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000D\4FBD1D9A.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000D\4FBD1D9A.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000E\4FBD1DA0.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000E\4FBD1DA0.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000E\4FBD1DA0.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000F\4FBD1DA7.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000F\4FBD1DA7.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000F\4FBD1DA7.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940010\4FBD1DAD.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940010\4FBD1DAD.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940010\4FBD1DAD.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940011\4FBD1DB4.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940011\4FBD1DB4.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940011\4FBD1DB4.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940014\4FBD210C.VBN=>(Quarantine-PE)
Infected with: Trojan.Delf.Inject.Z
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940014\4FBD210C.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940014\4FBD210C.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940014\4FBD210C.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940015\4FBD2156.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940015\4FBD2156.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940015\4FBD2156.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00000\4FFB8FA3.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00000\4FFB8FA3.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00000\4FFB8FA3.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F0C0000\4FAF9652.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F0C0000\4FAF9652.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F0C0000\4FAF9652.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F4C0000\4FEF878E.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F4C0000\4FEF878E.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F4C0000\4FEF878E.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940000\4FBF94E6.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940000\4FBF94E6.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940000\4FBF94E6.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FB80000\4FBBADFE.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FB80000\4FBBADFE.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FB80000\4FBBADFE.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40000\4FFFAD7E.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40000\4FFFAD7E.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40000\4FFFAD7E.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40001\4FFFAF02.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40001\4FFFAF02.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40001\4FFFAF02.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0000\4FFFAF9D.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0000\4FFFAF9D.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0000\4FFFAF9D.VBN
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0001\4FFFB43D.VBN=>(Quarantine-PE)
Infected with: Rootkit.13214
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0001\4FFFB43D.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FFC0001\4FFFB43D.VBN
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001128.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001128.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001128.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001156.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001156.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001156.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001162.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001162.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001162.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001168.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001168.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001168.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001174.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001174.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001174.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001180.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001180.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001180.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001186.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001186.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP13\A0001186.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001193.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001193.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001193.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001199.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001199.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001199.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001205.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001205.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0001205.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002205.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002205.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002205.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002511.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002511.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP14\A0002511.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002527.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002527.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002527.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002537.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002537.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP16\A0002537.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP17\A0003537.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP17\A0003537.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP17\A0003537.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP19\A0006706.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP19\A0006706.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP19\A0006706.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP20\A0006863.sam
Infected with: Trojan.QHosts.ASH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP20\A0006863.sam
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP20\A0006863.sam
Deleted
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007139.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007139.exe
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007139.exe
Delete failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007141.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007141.exe
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007141.exe
Delete failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007145.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007145.exe
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007145.exe
Delete failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007147.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007147.exe
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP22\A0007147.exe
Delete failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP23\A0007201.exe
Infected with: Win32.Worm.Slenfbot.CH
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP23\A0007201.exe
Disinfection failed
C:\System Volume Information\_restore{67430B2F-5566-4159-AFD4-3C4780873B3F}\RP23\A0007201.exe
Delete failed
C:\WINDOWS\system32\drivers\etc\hosts.sam
Infected with: Trojan.QHosts.ASH
C:\WINDOWS\system32\drivers\etc\hosts.sam
Disinfection failed
C:\WINDOWS\system32\drivers\etc\hosts.sam
Deleted
ok
delete what is in quarantine in Norton
__________________
Disable System Restore, then restart your computer, then re-enable it, like this:
https://www.informatruc.com
____________________
any more problems?
BitDefender Online Scanner - Real Time Virus Report
Generated at: Mon, Mar 02, 2009 - 23:22:20
Scan Info
Scanned Files
341705
Infected Files
0
Virus Detected
No virus found.
Good, I think the problem is solved ...
A thousand thanks, I don't know how to thank you .. maybe if you pass through Lyon one of these days, I would be delighted to share drinks and a light bite: here is my email: gilles_cros@hotmail.com
See you
perfect, to get rid of what you no longer need:
Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche and let the scan run ...
# Click Suppression to finish.
# You can, if you wish, use the Options facultatives.
# Click Quitter to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
ps: no need to send me the report if everything was deleted
Here are the reports:
SDFIX:
[b]SDFix: Version 1.240 [/b]
Run by benedicte on 02/03/2009 at 12:53
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\734.exe - Deleted
C:\WINDOWS\system32\msvcrt2.dll - Deleted
C:\WINDOWS\system32\system.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 13:02:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\system.exe"="C:\\WINDOWS\\system32\\system.exe:*:Enabled:Mozillacorp"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sat 22 Sep 2007 4,348 A.SH. --- "C:\Documents and Settings\benedicte\Bureau\recup disque portable\partition 1\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 8 Jan 2007 0 A.SH. --- "C:\Documents and Settings\benedicte\Bureau\recup disque portable\partition 1\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 31 Oct 2006 69,120 A..H. --- "C:\Documents and Settings\benedicte\Bureau\recup disque portable\partition 2\B‚n‚dicte\EMPLOI 2006\emploi\Candidatures spontan‚es\~WRL0496.tmp"
Tue 31 Oct 2006 278,016 A..H. --- "C:\Documents and Settings\benedicte\Bureau\recup disque portable\partition 1\Documents and Settings\bene\Application Data\Microsoft\Word\~WRL0307.tmp"
Thu 2 Oct 2008 92,160 A..H. --- "C:\Documents and Settings\benedicte\Bureau\recup disque portable\partition 1\Documents and Settings\bene\Application Data\Microsoft\Word\~WRL3742.tmp"
[b]Finished![/b]
LOG
Logfile of random's system information tool 1.05 (written by random/random)
Run by benedicte at 2009-03-02 13:14:47
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 182 GB (62%) free of 295 GB
Total RAM: 511 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:03, on 02/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Defenza\pcd-as.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\benedicte\Bureau\RSIT.exe
C:\Program Files\trend micro\benedicte.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\system.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe