rapport malwarebytes Résolu

Question

Bonjour,
voici le rapport malwarebytes :
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1882
Windows 5.1.2600 Service Pack 2

21/03/2009 13:56:27
mbam-log-2009-03-21 (13-56-25).txt

Type de recherche: Examen rapide
Eléments examinés: 89965
Temps écoulé: 49 minute(s), 24 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 54
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 330

Processus mémoire infecté(s):
C:\WINDOWS\Temp\BN4F.tmp (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\Temp\epz51.tmp (Backdoor.Bot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\yiyizesa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ahjspezp.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\system32\gtuyqke32.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\system32\rzzait.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gtuyqke.dll (Trojan.Fakealert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a81e45f8-284c-40ba-97fb-86cd890b99ad} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a81e45f8-284c-40ba-97fb-86cd890b99ad} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ahjspezp (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gtuyqke (Trojan.Fakealert) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{515a492c-64eb-4dad-ac83-4a2a19ac815f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{96edcf67-4637-4288-9a0d-4282ebf26d62} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13e3ff74-b861-4e69-b223-43d711686832} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de85a67a-3f04-4aba-a10b-a37b220afb70} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3794345d-c731-4fbb-8471-73ddc8dffdd2} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e2402a0-5f99-4188-b30d-d8743996b340} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5e2402a0-5f99-4188-b30d-d8743996b340} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e2402a0-5f99-4188-b30d-d8743996b340} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckytender (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nup (Rootkit.SpamTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sewivayuva (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nidle (Virus.Virut) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yiyizesa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yiyizesa.dll  -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yiyizesa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Vundo.H) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Vundo.H) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efccuvnm  -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\nidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\m (Trojan.Agent) -> Delete on reboot.
C:\Program Files\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender\1.3.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\dscsheua.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\auehscsd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fispnhru.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urhnpsif.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fkrasafk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfasarkf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ghihbaog.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\goabhihg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbhkpqem.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meqpkhbh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbtppgjs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sjgpptbh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hfywfxvn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvxfwyfh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hqawclto.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otlcwaqh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imagtxbk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbxtgami.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lirsjgws.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swgjsril.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwwpqcgm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mgcqpwwm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofyudevb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bveduyfo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reglgvsc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csvglger.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sktvsonx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xnosvtks.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suqtlglh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlgltqus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tayreojk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjoeryat.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbtelupt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpuletbv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vryoxvft.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfvxoyrv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xguwwtle.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eltwwugx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtesnwrl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lrwnsetx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zujepalu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sodikoji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\31146692.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\46788388.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\57280112.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yiyizesa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ahjspezp.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\system32\gtuyqke32.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\Temp\BN4F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rzzait.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\Temp\epz51.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gtuyqke.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmon.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\services.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender\1.3.1\LuckyTender.dll (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\WINDOWS\instsp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahjspezp32.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCuVnM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gimemula.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\miluduri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\totanozi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvoujget.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUNdCr.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\systemntmi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati3ehxx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati4ehxx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati5svxx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati6dgxx.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\nup.sys (Rootkit.SpamTool) -> Quarantined and deleted successfully.
C:\cxfagn.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\desae.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\flirxnj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\itamcndf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\jttgds.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ujbptob.exe (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\userinit.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\BN6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\oqu7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\rfv8.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\BNB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\sanD.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\IXP003.TMP\EROIGN~1.EXE (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1094991843exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1294428211exe. 1372 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1692125440exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1766846932exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1817359968exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1886590610exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2070791974exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\316752exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\371961032exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\763647696exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\809754593exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\939979307exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\974286259exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\afb45.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ahb42.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ald43.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hns23.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hnt4B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\htx4D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hws33.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hxu2C.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iaq24.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\idlF.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ifv34.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ipt21.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iro12.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\itt44.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iuc49.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jax48.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jbc8.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jdw3E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jhhA.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jur10.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jxj1E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kpw2D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\krf19.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kvwA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\lzu23.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mgi22.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN20.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN21.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN22.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN23.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN24.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN25.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN26.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN27.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN29.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN30.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN31.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\smk3D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sqo1E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\svf34.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tej49.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tgr9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tjoB.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tobF.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\toe13.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tqrF.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ttw44.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ucb7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ugr1A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\urm17.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BND.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bnf25.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\brm15.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\byc4F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bzm3C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cat15.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cbl4C.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cfb18.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cie2C.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cmb36.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\csxA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dhn19.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dklB.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dnq4A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ecs43.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\emnE.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\eru28.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fiv36.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fmz25.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fyn3D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fzc3B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gko27.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gtp15.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\njw26.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nobE.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nve3A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nwt1E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nxe4E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oea1A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ono40.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\opz35.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\osf26.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\osu2C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pbo4A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pdk35.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pec39.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pey2A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ptu3F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qad20.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qha27.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qmk1D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qoa16.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qxaD.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rgf38.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\riy1B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sab22.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ayg32.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN32.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hcf8.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\moq4.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\uug10.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN33.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN34.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN35.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN36.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN37.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN38.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN39.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN40.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN41.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN42.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN43.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN44.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN45.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN46.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN47.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN48.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN49.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN50.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vgi2F.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\viy47.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vje35.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vjg3E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vtx46.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wet2E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wiy52.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wln30.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xab39.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xbzB.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xms3F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xzh6.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ycq16.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ykl2F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ynv42.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yzw2E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\zdk4E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\zhw14.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\zxr41.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\azk3F.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bfc1F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN10.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN11.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN12.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN13.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN14.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN15.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN16.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN17.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN18.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN19.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\{0d39b496-0b8a-4dde-94f5-ebe19f923e50} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\{5c255c8a-e604-49b4-9d64-90988571cecb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\CPIF0T2N\installl[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\CPIF0T2N\nyfa32[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\J6FX9KF7\nyfa32[43].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\J6FX9KF7\nyfa32[44].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1130115.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1255104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1798936.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1871871.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\350013.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\375009.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\400275.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\408797.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\492337.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\494080.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\496574.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\540186.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\599892.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\605390.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\614763.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\655332.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\714527.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\753132.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\755856.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\856201.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\880866.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\nidle\nidle.exe9ku (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender\uninst.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rs32net.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twex.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN28.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vokowena.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnliFuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\restore.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Destrio5 · Accepted Answer

Salut,

Tu collectionnes les infections ?

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

loloetseb · Answer

Jamais vu autant d'infection sur un rapport Mbam

Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau. 

-> http://images.malwareremoval.com/random/RSIT.exe 

! Déconnecte toi et ferme toutes tes applications en cours ! 

Double-clique sur " RSIT.exe " pour le lancer . 

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " . 

* Devant l'option "List files/folders created ..." , tu choisis : 2 months 

* clique ensuite sur " Continue " pour lancer l'analyse ... 


-> laisse faire le scan et ne touche pas au PC ... 


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note). 

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ... 

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum 


( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

lilounet · Answer

voici le rapport info.txt :
info.txt logfile of random's system information tool 1.06 2009-03-21 14:11:51

======Uninstall list======

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->D:\Program Files\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe MPEG Encoder-->MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Premiere 6.0-->C:\WINDOWS\UNIN040C.EXE -f"d:\adobe 6.0\DeIsL1.isu" -c"d:\adobe 6.0\Uninst.dll"
Adobe Premiere 6.5-->C:\WINDOWS\UNIN040C.EXE -f"d:\program files\DeIsL1.isu" -c"d:\program files\Uninst.dll"
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Advanced RealMedia Export Plug-in for Premiere 6.0-->d:\adobe 6.0\Plug-ins\RNCompilernuninst.exe RealNetworks|RNCompiler|6.0
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c 
Ask Toolbar-->rundll32 C:\PROGRA~1\AskTBar\bar\2.bin\AskTBar.dll,O 
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Blancco - File Shredder-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{BED24E2B-C79C-4948-863F-D211FD6088AA}\Blancco_File_Shredder.exe" REMOVE=TRUE MODIFY=FALSE
Blancco - File Shredder-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{BED24E2B-C79C-4948-863F-D211FD6088AA}\Blancco_File_Shredder.exe
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x000c
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
eMule Plus 1.2d-->"D:\eMule\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FeedReader-->"C:\Program Files\FeedReader30\unins000.exe"
Free Mp3 Wma Converter V 1.7.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
FUJIFILM FinePixViewer S Ver.2.1-->C:\Program Files\InstallShield Installation Information\{88B32652-CAE0-4909-A463-5840D2689D93}\SETUP.EXE -runfromtemp -l0x040c -removeonly
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LaCie Backup Software v1.5.2378-->MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c 
Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 7 Ultra Edition-->MsiExec.exe /X{847CAE64-4CD2-4B2D-AF00-978FF5431036}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="8M01-20CX-4294-TL10-U4U0-UKE2-MMT7-AHWX"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Premium Booster-->C:\Program Files\Premium Booster\Uninstall Premium Booster.exe
Programme de gestion Camera de Logitech®-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QUAD Registry Cleaner v.1.5.67-->C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
Registry Easy v4.9-->"C:\Program Files\Registry Easy\unins000.exe"
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
TC Native Essentials 2.02-->C:\PROGRA~1\TCWorks\TCNATI~1\UninstallTCEssentials.exe C:\PROGRA~1\TCWorks\TCNATI~1\INSTALL.LOG
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VirtuaGirl HD-->C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
VLC media player 0.9.6-->D:\VLC\uninstall.exe
Win AVI HelixSDK-->"D:\WinAVI Video Converter\HelixSDK\unins000.exe"
WinAVI Video Converter 8.0-->"D:\WinAVI Video Converter\unins000.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: Kaspersky Anti-Virus (disabled)

======System event log======

Computer Name: LILOUNET-MJIZK9
Event Code: 7001
Message: The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 4924
Source Name: Service Control Manager
Time Written: 20090319090126.000000-480
Event Type: error
User: 

Computer Name: LILOUNET-MJIZK9
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the ICF service to connect.

Record Number: 4923
Source Name: Service Control Manager
Time Written: 20090319090126.000000-480
Event Type: error
User: 

Computer Name: LILOUNET-MJIZK9
Event Code: 10010
Message: The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register with DCOM within the required timeout.

Record Number: 4905
Source Name: DCOM
Time Written: 20090319075253.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 10010
Message: The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register with DCOM within the required timeout.

Record Number: 4904
Source Name: DCOM
Time Written: 20090319075145.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 10010
Message: The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register with DCOM within the required timeout.

Record Number: 4903
Source Name: DCOM
Time Written: 20090319074821.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: LILOUNET-MJIZK9
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 42
Source Name: WinMgmt
Time Written: 20090124082642.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 41
Source Name: WinMgmt
Time Written: 20090124082637.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 40
Source Name: WinMgmt
Time Written: 20090124082637.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 1000
Message: Faulting application rundll32.exe, version 5.1.2600.2180, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 7
Source Name: Application Error
Time Written: 20090123054630.000000-480
Event Type: error
User: 

Computer Name: LILOUNET-MJIZK9
Event Code: 1002
Message: Hanging application emule.exe, version 0.49.1.27, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3
Source Name: Application Hang
Time Written: 20090123051820.000000-480
Event Type: error
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=DSREPAIR

-----------------EOF-----------------

lilounet · Answer

et le rapport log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by lilou at 2009-03-21 14:20:26
Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (45%) free of 32 GB
Total RAM: 510 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:35, on 18/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
D:\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Hotbar\bin\10.2.232.0\Weather.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Desktop\RSIT.exe
C:\Program Files	rend micro\lilou.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\LaCieBackup.exe /background
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.2.232.0\Weather.exe" -auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher S.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

gen-hackman · Answer

bonsoir c'est bien ca dresse toute la liste de l'infection Vundo (les dlls , les fichiers .ini.....etc.....)

:)

Destrio5 · Answer

Olala...

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
--> Il va te demander d'installer la console de récupération : accepte.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

loloetseb · Answer

T'as vu genhackman,je t'ai pas mis le lien pour rien.J'ai jamais vu autant d'infection sur un rapport mbam.Bon Destrio,je te laisse le topic.Bon combofix

loloetseb · Answer

ah ben faut en fermer 2 alors

loloetseb · Answer

tu fermes les deux autres nathandre

Destrio5 · Answer

Le rapport est trop long, upload-le sur MediaFire :
http://www.commentcamarche.net/faq/sujet 16106 uploader un fichier sur mediafir

gen-hackman · Answer

:)

Destrio5 · Answer

Le lien est bloqué, envoie-le moi en mp.

loloetseb · Answer

Mp : message privé.Tu cliques sur le pseudo de destrio et tu lui envoies en message privé

Destrio5 · Answer

J'ai bien reçu le rapport.

---> Fais analyser ce fichier : c:\windows\explorer.exe

---> Sur VirusTotal et poste le lien de l'analyse.

Destrio5 · Answer

Regarde si tu as un explorer.exe dans le dossier suivant : c:\windows\ServicePackFiles\i386\

Destrio5 · Answer

https://astwinds.pagesperso-orange.fr/astuces/fichiers_caches.html

Destrio5 · Answer

---> Télécharge SDFix (créé par AndyManchesta) sur ton Bureau.
- Double-clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. 
- Redémarre ton ordinateur en mode sans échec.

---> Pour redémarrer en mode sans échec :
- Redémarre ton PC.
- Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
- Dans le menu d'options avancées, choisis Mode sans échec.
- Choisis ta session.

---> Déroule la liste des instructions ci-dessous :
- Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer le script.
- Appuie sur Y pour commencer le processus de nettoyage.
- Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
- Appuie sur une touche pour redémarrer le PC.
- Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
- Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
- Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
- Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
- Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse.

Destrio5 · Answer

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Choisis 3 months, clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Destrio5 · Answer

--> Télécharge Lop S&D (par Eric_71 & Angeldark) sur ton Bureau.

--> Double-clique dessus pour lancer l'installation.

--> Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci de Lop S&D et choisir Exécuter en tant qu'administrateur)

--> Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche).

--> Patiente jusqu'à la fin du scan.

--> Poste le rapport généré (C:\lopR.txt).

Destrio5 · Answer

--> Double-clique sur le raccourci de Lop S&D pour le lancer.
(Sous Vista, il faut cliquer droit sur le raccourci de Lop S&D et choisir Exécuter en tant qu'administrateur) 

--> Choisis cette fois-ci l'option 2 (Suppression).

--> Ne ferme pas la fenêtre lors de la suppression !

--> Poste le rapport généré (C:\lopR.txt).

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

Destrio5 · Answer

--> Télécharge FindyKill (par Chiquitine29) sur ton Bureau.

--> Lance l'installation avec les paramètres par défaut.

--> Double-clique sur le raccourci FindyKill sur ton Bureau.

--> Au menu principal, choisis l'option 1 (Recherche).

--> Poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

Destrio5 · Answer

--> Double-clique sur le raccourci FindyKill sur ton Bureau.

--> Au menu principal, choisis l'option 2 (Suppression).

/!\ Il y aura un redémarrage, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

--> Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

gen-hackman · Answer

:)

Destrio5 · Answer

---> Désinstalle FindyKill.

---> Refais un scan RSIT avec l'option 3 months et poste le rapport log.

Destrio5 · Answer

---> Fais analyser ce fichier : C:\WINDOWS\system32\print.dll     

---> Sur VirusTotal et poste le lien de l'analyse.

gen-hackman · Answer

cadeau Destrio bonsoir

Destrio5 · Answer

Ok, fais pareil pour ces fichiers : 
- C:\WINDOWS\system32\progman.dll
- C:\WINDOWS\system32\mstinit.dll

Destrio5 · Answer

/!\ Seul lilounet30 peut suivre cette procédure. /!\


1/

---> Ouvre le Bloc-notes.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :







KillAll::

File::
C:\WINDOWS\system32
ozutiki.dll        
C:\WINDOWS\system32
eyikine.dll        
C:\WINDOWS\system32
ehalofu.dll        
C:\WINDOWS\system32\mofelise.dll      
C:\WINDOWS\system32\howiduga.dll      
C:\WINDOWS\system32\dudumese.dll     
C:\WINDOWS\system32\dahurawa.dll   
C:\WINDOWS\system32\gohnkfqb.dll   
C:\WINDOWS\system32\2f2d971c-.txt  
C:\WINDOWS\system32\honjflnd.dll  
C:\WINDOWS\SET11A.tmp     
C:\WINDOWS\SET10E.tmp     
C:\WINDOWS\SET10B.tmp  
C:\WINDOWS\SET11B.tmp     
C:\WINDOWS\SET10F.tmp     
C:\WINDOWS\SET10C.tmp     
C:\WINDOWS	jbzuwli.exe     
C:\WINDOWS\system32\wm16tokl.dll     
C:\WINDOWS\system32\sys16u.dll     
C:\WINDOWS\jrfbwsrf.exe           
C:\WINDOWS\system32\BIT65.tmp 
C:\WINDOWS\system32\wagegeda.dll 

Folder::
C:\Program Files\AskTBar
C:\Program Files\Registry Easy 







--> Colle la sélection dans le Bloc-notes.

--> Enregistre ce fichier sur le Bureau (Impératif).

--> Nom du fichier : CFScript
--> Type du fichier : tous les fichiers
--> Clique sur Enregistrer.
--> Quitte le Bloc-notes.


2/

--> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

--> Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

--> Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

--> Une fois le scan achevé, un rapport va s'afficher : poste-le.

--> Si le fichier ne s'ouvre pas, il se trouve ici C:\Combofix.txt

Destrio5 · Answer

Tu as un CD d'XP ?

Destrio5 · Answer

J'ai une autre idée, installe le SP3 :
https://www.clubic.com/telecharger-fiche242026-windows-xp-service-pack-3.html

Destrio5 · Answer

http://www.microsoft.com/downloads/details.aspx?FamilyId=2FCDE6CE-B5FB-4488-8C50-FE22559D164E&displaylang=en

Destrio5 · Answer

C'est un fichier ISO pour faire un CD mais tu peux l'extraire avec WinRar pour avoir l'exécutable.

Destrio5 · Answer

Voici le fichier explorer.exe :
http://sd-1.archive-host.com/membres/up/3288717712384394/explorer.exe

Remplace celui qui se trouve dans C:\Windows\

Destrio5 · Answer

http://www.commentcamarche.net/faq/sujet 5120 installation de windows xp

Destrio5 · Answer

http://www.commentcamarche.net/faq/sujet 15947 sauver vos documents d un windows mort avec un cd live linux

Destrio5 · Answer

Oui, il faudrait sauvegarder tous tes documents sur un disque dur externe par exemple puis formater et réinstaller Windows proprement.

Destrio5 · Answer

Oui pour tes infections.

gen-hackman · Answer

bonjour a tous

Oui pour tes infections = sauf Virut.

Rapport malwarebytes

38 réponses

Votre réponse

Discussions similaires

Newsletters