Malwarebytes report

Resolved
lilounet -
Anonymous user -
Hello,
here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1882
Windows 5.1.2600 Service Pack 2

21/03/2009 13:56:27
mbam-log-2009-03-21 (13-56-25).txt

Type de recherche: Examen rapide
Eléments examinés: 89965
Temps écoulé: 49 minute(s), 24 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 54
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 330

Processus mémoire infecté(s):
C:\WINDOWS\Temp\BN4F.tmp (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\Temp\epz51.tmp (Backdoor.Bot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\yiyizesa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ahjspezp.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\system32\gtuyqke32.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\system32\rzzait.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gtuyqke.dll (Trojan.Fakealert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a81e45f8-284c-40ba-97fb-86cd890b99ad} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a81e45f8-284c-40ba-97fb-86cd890b99ad} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ahjspezp (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gtuyqke (Trojan.Fakealert) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{515a492c-64eb-4dad-ac83-4a2a19ac815f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{96edcf67-4637-4288-9a0d-4282ebf26d62} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13e3ff74-b861-4e69-b223-43d711686832} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de85a67a-3f04-4aba-a10b-a37b220afb70} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3794345d-c731-4fbb-8471-73ddc8dffdd2} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e2402a0-5f99-4188-b30d-d8743996b340} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5e2402a0-5f99-4188-b30d-d8743996b340} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e2402a0-5f99-4188-b30d-d8743996b340} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckytender (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nup (Rootkit.SpamTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sewivayuva (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nidle (Virus.Virut) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yiyizesa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yiyizesa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yiyizesa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Vundo.H) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Vundo.H) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efccuvnm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\nidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\m (Trojan.Agent) -> Delete on reboot.
C:\Program Files\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender\1.3.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\dscsheua.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\auehscsd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fispnhru.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urhnpsif.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fkrasafk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfasarkf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ghihbaog.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\goabhihg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbhkpqem.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meqpkhbh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbtppgjs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sjgpptbh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hfywfxvn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvxfwyfh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hqawclto.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otlcwaqh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imagtxbk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbxtgami.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lirsjgws.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swgjsril.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwwpqcgm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mgcqpwwm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofyudevb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bveduyfo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reglgvsc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csvglger.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sktvsonx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xnosvtks.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suqtlglh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlgltqus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tayreojk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjoeryat.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbtelupt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpuletbv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vryoxvft.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfvxoyrv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xguwwtle.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eltwwugx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtesnwrl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lrwnsetx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zujepalu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sodikoji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\31146692.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\46788388.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\57280112.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yiyizesa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ahjspezp.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\system32\gtuyqke32.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\Temp\BN4F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rzzait.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\Temp\epz51.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gtuyqke.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmon.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\services.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender\1.3.1\LuckyTender.dll (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\WINDOWS\instsp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahjspezp32.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCuVnM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gimemula.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\miluduri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\totanozi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvoujget.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUNdCr.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\systemntmi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati3ehxx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati4ehxx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati5svxx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati6dgxx.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\nup.sys (Rootkit.SpamTool) -> Quarantined and deleted successfully.
C:\cxfagn.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\desae.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\flirxnj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\itamcndf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\jttgds.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ujbptob.exe (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\userinit.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\BN6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\oqu7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\rfv8.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\BNB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\sanD.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\IXP003.TMP\EROIGN~1.EXE (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1094991843exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1294428211exe. 1372 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1692125440exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1766846932exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1817359968exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1886590610exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2070791974exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\316752exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\371961032exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\763647696exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\809754593exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\939979307exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\974286259exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\afb45.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ahb42.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ald43.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hns23.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hnt4B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\htx4D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hws33.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hxu2C.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iaq24.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\idlF.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ifv34.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ipt21.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iro12.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\itt44.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iuc49.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jax48.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jbc8.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jdw3E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jhhA.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jur10.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jxj1E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kpw2D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\krf19.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kvwA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\lzu23.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mgi22.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN20.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN21.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN22.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN23.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN24.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN25.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN26.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN27.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN29.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN30.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN31.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\smk3D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sqo1E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\svf34.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tej49.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tgr9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tjoB.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tobF.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\toe13.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tqrF.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ttw44.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ucb7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ugr1A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\urm17.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BND.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bnf25.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\brm15.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\byc4F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bzm3C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cat15.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cbl4C.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cfb18.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cie2C.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cmb36.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\csxA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dhn19.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dklB.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dnq4A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ecs43.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\emnE.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\eru28.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fiv36.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fmz25.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fyn3D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fzc3B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gko27.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gtp15.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\njw26.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nobE.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nve3A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nwt1E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nxe4E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oea1A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ono40.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\opz35.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\osf26.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\osu2C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pbo4A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pdk35.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pec39.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pey2A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ptu3F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qad20.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qha27.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qmk1D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qoa16.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qxaD.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rgf38.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\riy1B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sab22.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ayg32.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN32.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hcf8.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\moq4.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\uug10.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN33.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN34.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN35.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN36.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN37.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN38.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN39.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN40.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN41.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN42.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN43.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN44.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN45.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN46.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN47.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN48.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN49.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN50.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vgi2F.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\viy47.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vje35.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vjg3E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vtx46.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wet2E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wiy52.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wln30.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xab39.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xbzB.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xms3F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xzh6.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ycq16.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ykl2F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ynv42.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yzw2E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\zdk4E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\zhw14.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\zxr41.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\azk3F.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bfc1F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN10.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN11.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN12.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN13.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN14.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN15.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN16.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN17.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN18.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN19.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\{0d39b496-0b8a-4dde-94f5-ebe19f923e50} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\{5c255c8a-e604-49b4-9d64-90988571cecb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\CPIF0T2N\installl[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\CPIF0T2N\nyfa32[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\J6FX9KF7\nyfa32[43].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\J6FX9KF7\nyfa32[44].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1130115.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1255104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1798936.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1871871.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\350013.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\375009.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\400275.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\408797.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\492337.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\494080.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\496574.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\540186.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\599892.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\605390.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\614763.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\655332.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\714527.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\753132.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\755856.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\856201.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\880866.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\nidle\nidle.exe9ku (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender\uninst.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rs32net.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twex.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN28.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vokowena.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnliFuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\restore.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

38 replies

Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
--> Download FindyKill (by Chiquitine29) to your Desktop.

--> Run the installation with the default settings.

--> Double-click the FindyKill shortcut on your Desktop.

--> In the main menu, choose option 1 (Recherche, "Search").

--> Post the FindyKill.txt report.

Note: the FindyKill.txt report is saved at the root of the disk.
0
lilounet30 Posts 20 Status Member
 
FindyKill report:


############################## [ FindyKill V4.720 ]

# User : lilou (Administrators) # LILOUNET-MJIZK9
# Update on 22/03/09 by Chiquitine29
# Start at: 15:11:45 | 22/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(TM) XP1700+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : Kaspersky Anti-Virus 8.0.0.506 [ (!) Disabled | Updated ]

# A:\ # 3 1/2 Inch Floppy Drive
# C:\ # Local Fixed Disk # 31,48 Go (16,07 Go free) # NTFS
# D:\ # Local Fixed Disk # 76,32 Go (43,68 Go free) # NTFS
# E:\ # CD-ROM Disc
# F:\ # CD-ROM Disc # 583,25 Mo (0 Mo free) [New_Compilation] # CDFS

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\iTunesHelper.exe
D:\3.0\Apps\apdproxy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers / Dossiers infectieux C:\ ]

Found ! - "C:\Avenger"

################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\.. Application Data ... ]

Found ! - "C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\drivers"

################## [ Registre / Clés infectieuses ]

Found ! - HKEY_USERS\S-1-5-21-73586283-839522115-1343024091-1003\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_USERS\S-1-5-21-73586283-839522115-1343024091-1003\Software\Local AppWizard-Generated Applications\MsnMsgr
Found ! - HKEY_USERS\S-1-5-21-73586283-839522115-1343024091-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\MsnMsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


################## [ Recherche dans supports amovibles]


# Contenu de l'autorun : F:\autorun.inf

[AutoRun]
open=setup.exe
icon=setup.exe,0

# Presence des fichiers :

Found ! [23/08/2001 06:00][-r-------] - F:\autorun.inf

################## [ Registre / Mountpoint2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.720 ! ]
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
--> Double-click the FindyKill shortcut on your Desktop.

--> In the main menu, choose option 2 (Suppression, "Removal").

/!\ There will be a reboot; let the tool work until the message "nettoyage effectué" ("cleaning done") appears /!\

--> Then post the FindyKill.txt report.

Note: the FindyKill.txt report is saved at the root of the disk.
0
lilounet30 Posts 20 Status Member
 
FindyKill report after removal:


############################## [ FindyKill V4.720 ]

# User : lilou (Administrators) # LILOUNET-MJIZK9
# Update on 22/03/09 by Chiquitine29
# Start at: 15:35:27 | 22/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(TM) XP1700+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : Kaspersky Anti-Virus 8.0.0.506 [ (!) Disabled | Updated ]

# A:\ # 3 1/2 Inch Floppy Drive
# C:\ # Local Fixed Disk # 31,48 Go (16,07 Go free) # NTFS
# D:\ # Local Fixed Disk # 76,32 Go (43,68 Go free) # NTFS
# E:\ # CD-ROM Disc
# F:\ # CD-ROM Disc # 583,25 Mo (0 Mo free) [New_Compilation] # CDFS

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\iTunesHelper.exe
D:\3.0\Apps\apdproxy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files / Folders C:\ ]

Deleted ! - "C:\Avenger\m\shared"
Deleted ! - "C:\Avenger\m"
Deleted ! - "C:\Avenger"

################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\.. Application Data ... ]

Deleted ! - "C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\drivers"

################## [ Registry / Infected keys ]

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\MsnMsgr
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro

################## [ Cleaning Removable drives ]

# Deleting files :

Not deleted !! - F:\autorun.inf

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ Searching Other Infections ]

# -> Nothing found.

################## [ PEH Corrupted ]

C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgemc.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgrsx.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgtray.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgwdsvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\register.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\MSN\MSNCoreFiles\update.exe
C:\Program Files\trend micro\hijackthis.exe
C:\Program Files\trend micro\lilou.exe

################## [ ! End of Report # FindyKill V4.720 ! ]
0
Anonymous user
 
:)
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
---> Uninstall FindyKill.

---> Run an RSIT scan again with the 3 months option and post the log report.
0
lilounet30 Posts 20 Status Member
 
RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by lilou at 2009-03-22 16:05:30
Microsoft Windows XP Professional Service Pack 2
System drive C: has 17 GB (53%) free of 32 GB
Total RAM: 510 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:35, on 18/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
D:\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Hotbar\bin\10.2.232.0\Weather.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Desktop\RSIT.exe
C:\Program Files\trend micro\lilou.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.2.232.0\Weather.exe" -auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher S.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
0

Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
---> Have this file analyzed: C:\WINDOWS\system32\print.dll

---> On VirusTotal, and post the link to the analysis.
0
lilounet30 Posts 20 Status Member
 
VirusTotal report:


Fichier print.dll reçu le 2009.03.23 13:00:14 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.23 -
AhnLab-V3 5.0.0.2 2009.03.23 -
AntiVir 7.9.0.120 2009.03.23 -
Authentium 5.1.2.4 2009.03.23 -
Avast 4.8.1335.0 2009.03.23 -
AVG 8.5.0.283 2009.03.23 -
BitDefender 7.2 2009.03.23 -
CAT-QuickHeal 10.00 2009.03.23 -
ClamAV 0.94.1 2009.03.23 -
Comodo 1080 2009.03.22 -
DrWeb 4.44.0.09170 2009.03.23 -
eSafe 7.0.17.0 2009.03.23 -
eTrust-Vet 31.6.6412 2009.03.23 -
F-Prot 4.4.4.56 2009.03.23 -
F-Secure 8.0.14470.0 2009.03.23 -
Fortinet 3.117.0.0 2009.03.23 -
GData 19 2009.03.23 -
Ikarus T3.1.1.48.0 2009.03.23 -
K7AntiVirus 7.10.678 2009.03.21 -
Kaspersky 7.0.0.125 2009.03.23 -
McAfee 5561 2009.03.22 -
McAfee+Artemis 5561 2009.03.22 -
McAfee-GW-Edition 6.7.6 2009.03.23 -
Microsoft 1.4502 2009.03.23 -
NOD32 3953 2009.03.21 -
Norman 6.00.06 2009.03.20 -
nProtect 2009.1.8.0 2009.03.23 -
Panda 10.0.0.10 2009.03.22 -
PCTools 4.4.2.0 2009.03.23 -
Prevx1 V2 2009.03.23 -
Rising 21.22.02.00 2009.03.23 -
Sophos 4.39.0 2009.03.23 -
Sunbelt 3.2.1858.2 2009.03.22 -
Symantec 1.4.4.12 2009.03.23 -
TheHacker 6.3.3.4.287 2009.03.23 -
TrendMicro 8.700.0.1004 2009.03.23 -
VBA32 3.12.10.1 2009.03.23 -
ViRobot 2009.3.23.1660 2009.03.23 -
VirusBuster 4.6.5.0 2009.03.22 -
Information additionnelle
File size: 179200 bytes
MD5...: 8960a8fef0758cb0faf4d1636bba4f98
SHA1..: 3c453966b55050be7d7cd7a552856f19d4c39c05
SHA256: 8b2a9558db434ea39845b20faffd4ecf1366151791f61fc8822923483808f530
SHA512: 45f718870378195a3c143b28f6be6fc2226c2527b04ea42cbec5efd0708fc64f173359151ceae7d6ffbe40b23bc95eb72be14a00d5a47b59ef2b6e8fb714897e
ssdeep: 3072:B1gzcWtzji4GzA8/NorVhWqzvddVTSBp7W4CmS3zwERsdl2RjO6u8kgDXvV7:qtzjpxjrVhWMmBp7WpFxjO6u8bvV7
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: -
0
Anonymous user
 
a gift, Destrio, good evening
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
OK, do the same for these files:
- C:\WINDOWS\system32\progman.dll
- C:\WINDOWS\system32\mstinit.dll
0
lilounet30 Posts 20 Status Member
 
Report for C:\WINDOWS\system32\progman.dll:


Fichier progman.dll reçu le 2009.03.23 13:13:05 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.23 -
AhnLab-V3 5.0.0.2 2009.03.23 -
AntiVir 7.9.0.120 2009.03.23 -
Authentium 5.1.2.4 2009.03.23 -
Avast 4.8.1335.0 2009.03.23 -
AVG 8.5.0.283 2009.03.23 -
BitDefender 7.2 2009.03.23 -
CAT-QuickHeal 10.00 2009.03.23 -
ClamAV 0.94.1 2009.03.23 -
Comodo 1080 2009.03.22 -
DrWeb 4.44.0.09170 2009.03.23 -
eSafe 7.0.17.0 2009.03.23 -
eTrust-Vet 31.6.6412 2009.03.23 -
F-Prot 4.4.4.56 2009.03.23 -
F-Secure 8.0.14470.0 2009.03.23 -
Fortinet 3.117.0.0 2009.03.23 -
GData 19 2009.03.23 -
Ikarus T3.1.1.48.0 2009.03.23 -
K7AntiVirus 7.10.678 2009.03.21 -
Kaspersky 7.0.0.125 2009.03.23 -
McAfee 5561 2009.03.22 -
McAfee+Artemis 5561 2009.03.22 -
McAfee-GW-Edition 6.7.6 2009.03.23 -
Microsoft 1.4502 2009.03.23 -
NOD32 3953 2009.03.21 -
Norman 6.00.06 2009.03.20 -
nProtect 2009.1.8.0 2009.03.23 -
Panda 10.0.0.10 2009.03.22 -
PCTools 4.4.2.0 2009.03.23 -
Prevx1 V2 2009.03.23 -
Rising 21.22.02.00 2009.03.23 -
Sophos 4.39.0 2009.03.23 -
Sunbelt 3.2.1858.2 2009.03.22 -
Symantec 1.4.4.12 2009.03.23 -
TheHacker 6.3.3.4.287 2009.03.23 -
TrendMicro 8.700.0.1004 2009.03.23 -
VBA32 3.12.10.1 2009.03.23 -
ViRobot 2009.3.23.1660 2009.03.23 -
VirusBuster 4.6.5.0 2009.03.22 -
Information additionnelle
File size: 179200 bytes
MD5...: 8960a8fef0758cb0faf4d1636bba4f98
SHA1..: 3c453966b55050be7d7cd7a552856f19d4c39c05
SHA256: 8b2a9558db434ea39845b20faffd4ecf1366151791f61fc8822923483808f530
SHA512: 45f718870378195a3c143b28f6be6fc2226c2527b04ea42cbec5efd0708fc64f173359151ceae7d6ffbe40b23bc95eb72be14a00d5a47b59ef2b6e8fb714897e
ssdeep: 3072:B1gzcWtzji4GzA8/NorVhWqzvddVTSBp7W4CmS3zwERsdl2RjO6u8kgDXvV7:qtzjpxjrVhWMmBp7WpFxjO6u8bvV7
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: -

0
lilounet30 Messages posted 20 Status Member

And the report for C:\WINDOWS\system32\mstinit.dll:


Fichier mstinit.dll reçu le 2009.03.23 13:20:44 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.23 -
AhnLab-V3 5.0.0.2 2009.03.23 -
AntiVir 7.9.0.120 2009.03.23 -
Authentium 5.1.2.4 2009.03.23 -
Avast 4.8.1335.0 2009.03.23 -
AVG 8.5.0.283 2009.03.23 -
BitDefender 7.2 2009.03.23 -
CAT-QuickHeal 10.00 2009.03.23 -
ClamAV 0.94.1 2009.03.23 -
Comodo 1080 2009.03.22 -
DrWeb 4.44.0.09170 2009.03.23 -
eSafe 7.0.17.0 2009.03.23 -
eTrust-Vet 31.6.6412 2009.03.23 -
F-Prot 4.4.4.56 2009.03.23 -
F-Secure 8.0.14470.0 2009.03.23 -
Fortinet 3.117.0.0 2009.03.23 -
GData 19 2009.03.23 -
Ikarus T3.1.1.48.0 2009.03.23 -
K7AntiVirus 7.10.678 2009.03.21 -
Kaspersky 7.0.0.125 2009.03.23 -
McAfee 5561 2009.03.22 -
McAfee+Artemis 5561 2009.03.22 -
McAfee-GW-Edition 6.7.6 2009.03.23 -
Microsoft 1.4502 2009.03.23 -
NOD32 3953 2009.03.21 -
Norman 6.00.06 2009.03.20 -
nProtect 2009.1.8.0 2009.03.23 -
Panda 10.0.0.10 2009.03.22 -
PCTools 4.4.2.0 2009.03.23 -
Prevx1 V2 2009.03.23 -
Rising 21.22.02.00 2009.03.23 -
Sophos 4.39.0 2009.03.23 -
Sunbelt 3.2.1858.2 2009.03.22 -
Symantec 1.4.4.12 2009.03.23 -
TheHacker 6.3.3.4.287 2009.03.23 -
TrendMicro 8.700.0.1004 2009.03.23 -
VBA32 3.12.10.1 2009.03.23 -
ViRobot 2009.3.23.1660 2009.03.23 -
VirusBuster 4.6.5.0 2009.03.22 -
Information additionnelle
File size: 180224 bytes
MD5...: 106d8cc69724bcea7bba8307f26c5e61
SHA1..: f80e5401b304a1fe31b1d42b5f4f0196d4d3ec46
SHA256: 0f4ee3a12199d426479a93d9edaf357fecc58c05215270fac7701c04c9e36668
SHA512: 4900f46b41310a08442da5b84777e6971806659a3949d18b6533dea7655e872c509b250ce222ab8ac9143970e571b82e18d708df1de5101e86d784b709c320b4
ssdeep: 3072:b2Lz3YL9kBv8ugpaQhrdfEfw5GFfpgt6r6pBrlLoDyjjXanQrdMa:KLz3YCqpaqE45GFfKU+pBrl/XeQBd
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

0
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 305

/!\ Only lilounet30 may follow this procedure. /!\

1/

---> Open Notepad.

---> Copy the text below by selecting it and then pressing Ctrl+C:

KillAll::

File::
C:\WINDOWS\system32\nozutiki.dll
C:\WINDOWS\system32\neyikine.dll
C:\WINDOWS\system32\nehalofu.dll
C:\WINDOWS\system32\mofelise.dll
C:\WINDOWS\system32\howiduga.dll
C:\WINDOWS\system32\dudumese.dll
C:\WINDOWS\system32\dahurawa.dll
C:\WINDOWS\system32\gohnkfqb.dll
C:\WINDOWS\system32\2f2d971c-.txt
C:\WINDOWS\system32\honjflnd.dll
C:\WINDOWS\SET11A.tmp
C:\WINDOWS\SET10E.tmp
C:\WINDOWS\SET10B.tmp
C:\WINDOWS\SET11B.tmp
C:\WINDOWS\SET10F.tmp
C:\WINDOWS\SET10C.tmp
C:\WINDOWS\tjbzuwli.exe
C:\WINDOWS\system32\wm16tokl.dll
C:\WINDOWS\system32\sys16u.dll
C:\WINDOWS\jrfbwsrf.exe
C:\WINDOWS\system32\BIT65.tmp
C:\WINDOWS\system32\wagegeda.dll

Folder::
C:\Program Files\AskTBar
C:\Program Files\Registry Easy

--> Paste the selection into Notepad.

--> Save this file to the Desktop (mandatory).

--> File name: CFScript
--> File type: All files
--> Click Save.
--> Close Notepad.

2/

--> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

--> A blue window will appear: accept the message that is displayed.

--> Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.

--> Once the scan is complete, a report will be displayed: post it.

--> If the file does not open, it is located here: C:\Combofix.txt
0
lilounet30 Messages posted 20 Status Member

Combofix.txt file:

ComboFix 09-03-19.02 - lilou 2009-03-23 6:58:06.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.134 [GMT -8:00]
Lancé depuis: c:\documents and settings\lilou.LILOUNET-MJIZK9\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\lilou.LILOUNET-MJIZK9\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\jrfbwsrf.exe
c:\windows\SET10B.tmp
c:\windows\SET10C.tmp
c:\windows\SET10E.tmp
c:\windows\SET10F.tmp
c:\windows\SET11A.tmp
c:\windows\SET11B.tmp
c:\windows\system32\2f2d971c-.txt
c:\windows\system32\BIT65.tmp
c:\windows\system32\dahurawa.dll
c:\windows\system32\dudumese.dll
c:\windows\system32\gohnkfqb.dll
c:\windows\system32\honjflnd.dll
c:\windows\system32\howiduga.dll
c:\windows\system32\mofelise.dll
c:\windows\system32\nehalofu.dll
c:\windows\system32\neyikine.dll
c:\windows\system32\nozutiki.dll
c:\windows\system32\sys16u.dll
c:\windows\system32\wagegeda.dll
c:\windows\system32\wm16tokl.dll
c:\windows\tjbzuwli.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskTBar
c:\program files\AskTBar\bar\2.bin\A5POPSWT.DLL
c:\program files\AskTBar\bar\2.bin\ASKTBAR.DLL
c:\program files\AskTBar\bar\Cache\[u]0/u025EBD3.bin
c:\program files\AskTBar\bar\Cache\[u]0/u025FD78.bin
c:\program files\AskTBar\bar\Cache\[u]0/u025FE86.bin
c:\program files\AskTBar\bar\Cache\[u]0/u025FFBC.bin
c:\program files\AskTBar\bar\Cache\[u]0/u04A74C4
c:\program files\AskTBar\bar\Cache\[u]0/u0D09A55
c:\program files\AskTBar\bar\Cache\files.ini
c:\program files\AskTBar\bar\History\search2
c:\program files\AskTBar\bar\Settings\prevcfg2.htm
c:\program files\AskTBar\PopSwatr\History\allowed
c:\program files\AskTBar\PopSwatr\History\notallow
c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
c:\program files\Registry Easy
c:\program files\Registry Easy\Code
c:\program files\Registry Easy\EasyHelp.chm
c:\program files\Registry Easy\errorlist.txt
c:\program files\Registry Easy\fu.dat
c:\program files\Registry Easy\RE.exe
c:\program files\Registry Easy\RegEasyUpdate.exe
c:\program files\Registry Easy\RegistryEasy.url
c:\program files\Registry Easy\RepairBackup\_20090319_114204.reg
c:\program files\Registry Easy\RepairBackup\_20090319_115418.reg
c:\program files\Registry Easy\RepairBackup\Backup_20090319_134800.reg
c:\program files\Registry Easy\ScanResult
c:\program files\Registry Easy\ScanSection.ini
c:\program files\Registry Easy\soft.dat
c:\program files\Registry Easy\unins000.dat
c:\program files\Registry Easy\unins000.exe
c:\program files\Registry Easy\Update.ini
c:\windows\jrfbwsrf.exe
c:\windows\SET10B.tmp
c:\windows\SET10C.tmp
c:\windows\SET10E.tmp
c:\windows\SET10F.tmp
c:\windows\SET11A.tmp
c:\windows\SET11B.tmp
c:\windows\system32\2f2d971c-.txt
c:\windows\system32\BIT65.tmp
c:\windows\system32\dahurawa.dll
c:\windows\system32\dudumese.dll
c:\windows\system32\gohnkfqb.dll
c:\windows\system32\honjflnd.dll
c:\windows\system32\howiduga.dll
c:\windows\system32\mofelise.dll
c:\windows\system32\nehalofu.dll
c:\windows\system32\neyikine.dll
c:\windows\system32\nozutiki.dll
c:\windows\system32\sys16u.dll
c:\windows\system32\wagegeda.dll
c:\windows\system32\wm16tokl.dll
c:\windows\tjbzuwli.exe

c:\windows\explorer.exe . . . est infecté!!

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-23 au 2009-03-23 ))))))))))))))))))))))))))))))))))))
.

2009-03-22 15:11 . 2009-03-22 16:05 <DIR> d-------- c:\program files\FindyKill
2009-03-22 09:27 . 2009-03-22 09:52 <DIR> d-------- C:\Lop SD
2009-03-22 06:42 . 2009-03-22 06:42 <DIR> d-------- c:\windows\ERUNT
2009-03-22 06:33 . 2009-03-22 07:08 <DIR> d-------- C:\SDFix
2009-03-21 14:11 . 2009-03-21 14:11 <DIR> d-------- C:\rsit
2009-03-21 13:19 . 2009-03-21 13:19 180,224 --a------ c:\windows\system32\mstinit.dll
2009-03-21 12:52 . 2009-03-21 12:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 12:52 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 12:52 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-21 12:00 . 2009-03-21 12:07 <DIR> d-------- c:\documents and settings\lilou.LILOUNET-MJIZK9\.housecall6.6
2009-03-19 13:25 . 2009-03-19 13:25 26,112 --ahs---- c:\windows\system32\drivers\nup.sys.00000BBA.dll
2009-03-19 11:40 . 2009-03-19 11:40 <DIR> d-------- c:\program files\vghd
2009-03-19 11:40 . 2009-03-19 11:40 <DIR> d-------- c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\vghd
2009-03-19 11:40 . 2009-03-19 11:40 152,904 --a------ c:\windows\system32\vghd.scr
2009-03-19 11:39 . 2009-03-19 11:39 42 --a------ c:\windows\system32\RegistryEasy.lie
2009-03-19 10:59 . 2009-03-19 10:59 <DIR> d-------- c:\program files\Premium Booster
2009-03-19 09:41 . 2009-03-19 09:41 <DIR> d-------- c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Uniblue
2009-03-19 09:40 . 2009-03-19 09:40 <DIR> d-------- c:\program files\Uniblue
2009-03-19 06:26 . 2009-03-19 06:27 <DIR> d-------- c:\program files\CCleaner
2009-03-18 08:56 . 2009-03-18 08:56 24,576 --ahs---- c:\windows\system32\drivers\nup.sys.000007D2.dll
2009-03-15 13:32 . 2009-03-15 13:32 24,576 --ahs---- c:\windows\system32\drivers\nup.sys.00000BB9.dll
2009-03-14 10:32 . 2009-03-14 10:32 <DIR> d-------- c:\program files\HDDGURU LLF Tool
2009-03-12 12:36 . 2009-03-12 12:36 47 --a------ C:\Thunbs.db
2009-03-11 13:42 . 2009-03-11 13:42 <DIR> d-------- c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Blancco
2009-03-11 13:39 . 2009-03-11 13:39 <DIR> d-------- c:\program files\Common Files\Blancco
2009-03-11 13:39 . 2009-03-11 13:39 <DIR> d-------- c:\program files\Blancco
2009-03-11 13:39 . 2009-03-11 13:39 <DIR> d--h----- c:\documents and settings\All Users.WINDOWS\Application Data\{BED24E2B-C79C-4948-863F-D211FD6088AA}
2009-03-10 14:55 . 2009-03-10 14:55 18,944 --ahs---- c:\windows\system32\drivers\nup.sys.000003E9.dll
2009-03-08 06:02 . 2009-03-08 06:02 23,552 --ahs---- c:\windows\system32\drivers\nup.sys.00000082.dll
2009-03-07 14:18 . 2009-03-07 14:18 23,552 --ahs---- c:\windows\system32\drivers\nup.sys.0000007D.dll
2009-03-07 11:09 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-03-07 11:09 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-03-07 11:09 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-03-07 11:09 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-03-07 07:31 . 2009-03-12 04:37 <DIR> d-------- c:\windows\system32\config\systemprofile\Tracing
2009-03-06 15:18 . 2009-03-06 15:18 22,016 --ahs---- c:\windows\system32\drivers\nup.sys.0000007C.dll
2009-03-05 11:50 . 2009-03-05 11:50 135,584 --a------ c:\windows\system32\drivers\ethdnamh.sys
2009-03-05 08:06 . 2003-04-02 15:54 20,648 -ra------ c:\windows\system32\drivers\netrcacm.sys
2009-03-03 15:17 . 2001-08-23 06:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-03-03 15:16 . 2001-08-23 06:00 10,129,408 --a--c--- c:\windows\system32\dllcache\hwxkor.dll
2009-03-03 15:15 . 2001-08-23 06:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-03-03 15:14 . 2004-08-03 16:56 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2009-03-03 15:13 . 2004-08-03 16:56 290,816 --a--c--- c:\windows\system32\dllcache\adsiis51.dll
2009-03-03 15:11 . 2009-03-03 15:11 749 -rah----- c:\windows\WindowsShell.Manifest
2009-03-03 15:11 . 2009-03-03 15:11 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-03 15:11 . 2009-03-03 15:11 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-03-03 15:11 . 2009-03-03 15:11 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-03-03 15:11 . 2009-03-03 15:11 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-03-03 15:11 . 2009-03-03 15:11 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-03-03 15:09 . 2001-08-23 06:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-03-03 14:53 . 2001-08-23 06:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-03-03 14:53 . 2001-08-23 06:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2009-03-03 14:53 . 2001-08-23 06:00 13,312 --a------ c:\windows\system32\irclass.dll
2009-03-03 14:53 . 2001-08-23 06:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2009-03-03 03:05 . 2009-03-03 03:05 10,311 ---h----- c:\documents and settings\LocalService.NT AUTHORITY.000\.exe
2009-02-27 10:44 . 2005-05-27 01:32 1,317,152 -ra------ c:\windows\system32\drivers\lvcm.sys.bak
2009-02-27 10:44 . 2009-02-27 10:44 136,128 --a------ c:\windows\system32\drivers\bnpcneyc.sys
2009-02-27 10:44 . 2005-05-27 01:31 22,016 -ra------ c:\windows\system32\drivers\lvusbsta.sys.bak
2009-02-27 09:42 . 2009-03-04 14:16 32,768 --a------ c:\windows\system32\drivers\ati5knxx.sys
2009-02-27 02:10 . 2009-02-27 02:10 179,200 --a------ c:\windows\system32\progman.dll
2009-02-27 02:10 . 2009-02-27 02:10 179,200 --a------ c:\windows\system32\print.dll
2009-02-23 13:11 . 2009-02-24 05:09 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 15:03 --------- d-----w c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Skype
2009-03-23 11:56 --------- d-----w c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\skypePM
2009-03-23 00:05 --------- d-----w c:\program files\trend micro
2009-03-21 21:19 360,448 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-03-21 21:18 140,288 ----a-w c:\windows\system32\sfc_os.dll
2009-03-21 21:18 1,134,596 ----a-w c:\windows\explorer.exe
2009-03-21 20:35 14,336 ----a-w c:\windows\system32\svchost.exe
2009-03-12 21:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 22:08 --------- d-----w c:\program files\eMule
2009-03-05 18:20 --------- d-----w c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\MSN6
2009-03-04 18:34 --------- d-----w c:\program files\Common Files\Adobe
2009-03-03 23:06 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-22 13:48 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 13:47 --------- d-----w c:\program files\Microsoft
2009-02-22 13:46 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-02-22 13:44 --------- d-----w c:\program files\Windows Live
2009-02-22 13:40 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-08 16:53 --------- d-----w c:\program files\directx
2009-02-07 03:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-07 02:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-07 02:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-29 15:01 --------- d-----w c:\program files\Common Files\Ahead
2009-01-28 20:19 --------- d-----w c:\program files\Ahead
2009-01-25 19:35 --------- d-----w c:\program files\Realtek
2009-01-24 00:02 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Babylon
2009-01-23 23:35 --------- d-----w c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Babylon
2009-01-23 21:29 --------- d-----w c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\LuckyTender
2009-01-23 13:46 --------- d-----w c:\program files\Bonjour
2009-01-13 21:06 3,231,826 ----a-w c:\program files\eMule0.49b-Installer1.exe
2009-01-12 18:45 73,728 ----a-w c:\windows\system32\RtNicProp32.dll
2008-02-23 21:44 32 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\ezsid.dat
.

------- Sigcheck -------

2008-06-20 03:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 03:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
2006-02-18 18:06 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\system32\dllcache\tcpip.sys
2009-03-21 13:19 360448 cd88cca22aea38f67b073cd2c8238340 c:\windows\system32\drivers\tcpip.sys

2009-03-21 13:18 1134596 76d7bd029706b4532282101d5f338317 c:\windows\explorer.exe
2008-04-13 16:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
2009-03-21 13:18 1134596 76d7bd029706b4532282101d5f338317 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-21_15.18.09.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 23:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-03-22 14:43:00 5,226,496 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0/u0000001\ntuser.dat
+ 2009-03-22 14:43:00 184,320 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0/u0000002\UsrClass.dat
+ 2008-08-07 23:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-03-22 14:42:42 5,226,496 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0/u0000001\ntuser.dat
+ 2009-03-22 14:42:43 184,320 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0/u0000002\UsrClass.dat
- 2009-03-05 16:28:32 62,658 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-22 23:48:29 62,658 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-05 16:28:32 401,378 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-22 23:48:29 401,378 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-23 15:03:28 16,384 ----atw c:\windows\temp\Perflib_Perfdata_f54.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-06-27 152872]
"LaCie Backup"="c:\program files\LaCie\Backup Software\\LaCieBackup.exe" [2006-07-06 2596864]
"RegistryBooster 2 d’Uniblue "="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-11-21 1902592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="D:\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Photo Downloader"="d:\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"mule_st_key"="c:\windows\system32\config\systemprofile\Application Data\m\flec006.exe" [2009-03-21 94373]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-10-22 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"d:\\iTunes.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-22 55152]
S0 ati5knxx;ati5knxx;c:\windows\system32\drivers\ati5knxx.sys [2009-02-27 32768]
S0 boldxti;boldxti;c:\windows\system32\drivers\bnpcneyc.sys [2009-02-27 136128]
S1 ethdnamh;ethdnamh;c:\windows\system32\drivers\ethdnamh.sys [2009-03-05 135584]
S2 SeaPort;SeaPort; [x]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-02-27 16512]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-20 33752]
.
Contenu du dossier 'Tâches planifiées'

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-03-21 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
HKU-Default-Run-tjbzuwli.exe - c:\windows\tjbzuwli.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: netflama.cc\ssl-hints
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Mozilla\Firefox\Profiles\8a7tvsm1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\mozilla plugins\npitunes.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 07:02:43
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•A~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\LaCie\Backup Software\LacieBackup.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2009-03-23 7:08:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-23 15:08:14
ComboFix2.txt 2009-03-21 23:21:24

Avant-CF: 17 909 952 512 bytes free
Après-CF: 17,891,786,752 bytes free

327 --- E O F --- 2008-12-10 11:03:22
0
lilounet30 Messages posted 20 Status Member

Hello,
did you receive my ComboFix.txt file after the scan?
0
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 305

Do you have an XP CD?
0
lilounet30 Messages posted 20 Status Member

Yes,
SP2
0
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 305
 
0
lilounet30
 
I couldn't install SP3 because my SP2 version is in English...
0
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 305
 
http://www.microsoft.com/downloads/details.aspx?FamilyId=2FCDE6CE-B5FB-4488-8C50-FE22559D164E&displaylang=en
0
lilounet30
 
Thanks!
0
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 305

It's an ISO file for making a CD, but you can extract it with WinRar to get the executable.
0
lilounet30 Messages posted 20 Status Member

Impossible to install SP3; my computer freezes every time.
0
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 305

Here is the explorer.exe file:
http://sd-1.archive-host.com/membres/up/3288717712384394/explorer.exe

Replace the one located in C:\Windows\
0
lilounet30 Messages posted 20 Status Member

Hi,
sorry, I was slow to reply, but I have a big problem: I'm not sending this message from my PC but from another one, because after installing explorer.exe on mine, I opened the file, and since then my PC crashes and reboots in a loop after briefly flashing a blue screen. The desktop doesn't even have time to load; the computer restarts before that. And I can't start safe mode, it crashes. Unfortunately I know nothing about this, and I tried to boot from the CD but it doesn't work. I don't know what to do...
0
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 305
 
http://www.commentcamarche.net/faq/sujet 5120 installation de windows xp
0
lilounet30 Messages posted 20 Status Member

Thanks!
0
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 305
 
http://www.commentcamarche.net/faq/sujet 15947 sauver vos documents d un windows mort avec un cd live linux
0
lilounet30
 
Thanks!
I was able to reinstall XP (but SP1).
I was asked whether I wanted to format. Do you think that would be preferable?
0
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 305

Yes, you should back up all your documents, to an external hard drive for example, then format and reinstall Windows cleanly.
0
lilounet30
 
Does formatting eliminate all infections?
0
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 305

Yes for your infections.
0
lilounet30
 
Great!
Thank you again for your help; I would never have gotten out of this otherwise!
Have a good evening and thanks again
0
Anonymous user

hello everyone

Yes for your infections
= except Virut.
0