How to remove a Trojan horse

mike769 - Posts: 4 - Status: Member
Hello,

I have a Trojan horse on my computer. Not being much of a computer expert, I don't know how to remove it; it is located in c:/WINDOWS/SYSTEM32...
Could you please help me? I hope I won't have to format my PC.

Thanks in advance :-)

4 replies

Destrio5 - Posts: 99820 - Status: Moderator
 
Hi,

--> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

--> Double-click RSIT.exe to launch the program.
(On Vista, right-click RSIT.exe and choose Run as administrator)

--> Click Continue on the Disclaimer screen.

--> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

--> When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: the reports are saved in the C:\rsit folder.
mike769 - Posts: 4 - Status: Member
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by SABRINA at 2009-04-08 17:31:31
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 63 GB (80%) free of 79 GB
Total RAM: 479 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:54, on 08/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\SABRINA\Application Data\WinButler\WinButler.exe
C:\Documents and Settings\SABRINA\Application Data\nidle\nidle.exe
C:\Documents and Settings\SABRINA\Application Data\Microsoft\Windows\gmdvq.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SABRINA\Bureau\RSIT.exe
C:\Program Files\trend micro\SABRINA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {c278690e-8d39-a9f8-90c4-e4e694a9b8c6} - {6c8b9a49-6e4e-4c09-8f9a-93d8e096872c} - C:\WINDOWS\system32\afeelr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C3969953-2FC3-4090-86AD-A4B9E4D132A9} - C:\WINDOWS\system32\cbXqoPFw.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: (no name) - {D8CADFE4-81E7-4424-887F-DC661B79EAFF} - C:\WINDOWS\system32\urqRKDtT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [9cf7b5f4] rundll32.exe "C:\WINDOWS\system32\piihvkaj.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\SABRINA\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\SABRINA\Application Data\nidle\nidle.exe" 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\SABRINA\Application Data\Microsoft\Windows\gmdvq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?cb3cb88499614243b30325f5732904be
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?cb3cb88499614243b30325f5732904be
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://www.superstarracing.net/miniclip/ChatRepublicPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{148C32B3-A8B5-47DA-AAA1-86BB81935F3B}: NameServer = 193.74.208.65,193.74.208.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{148C32B3-A8B5-47DA-AAA1-86BB81935F3B}: NameServer = 193.74.208.65,193.74.208.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{148C32B3-A8B5-47DA-AAA1-86BB81935F3B}: NameServer = 193.74.208.65,193.74.208.135
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: urqRKDtT - C:\WINDOWS\SYSTEM32\urqRKDtT.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
Destrio5 - Posts: 99820 - Status: Moderator
 
No comment on the number of Vundo files...

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
--> It will ask you to install the Recovery Console: accept.
--> When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix
mike769 - Posts: 4 - Status: Member
 
ComboFix 09-04-04.01 - SABRINA 2009-04-08 17:46:53.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.479.197 [GMT 2:00]
Lancé depuis: c:\documents and settings\SABRINA\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-08 au 2009-04-08 ))))))))))))))))))))))))))))))))))))
.

2009-04-08 17:40 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-08 17:31 . 2009-04-08 17:31 <REP> d-------- C:\rsit
2009-04-08 17:31 . 2009-04-08 17:31 <REP> d-------- c:\program files\trend micro
2009-04-08 16:40 . 2009-04-08 16:40 <REP> d-------- c:\program files\Avira
2009-04-08 16:40 . 2009-04-08 16:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-04-01 17:17 . 2009-04-01 17:17 61,440 --a------ c:\windows\system32\fieguntl.exe
2009-04-01 05:17 . 2009-04-01 05:17 61,440 --a------ c:\windows\system32\jtrpumfp.exe
2009-03-26 09:50 . 2009-03-26 09:50 61,440 --a------ c:\windows\system32\xbruvyqk.exe
2009-03-23 12:41 . 2009-03-23 12:41 <REP> d-------- c:\windows\Sun
2009-03-19 15:58 . 2009-03-19 15:58 <REP> d-------- c:\program files\VSO
2009-03-19 15:58 . 2009-03-19 15:59 <REP> d-------- c:\documents and settings\SABRINA\Application Data\Vso
2009-03-19 15:58 . 2006-05-20 17:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2009-03-19 15:58 . 2006-05-11 20:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2009-03-19 15:58 . 2006-09-29 13:24 217,127 --a------ c:\windows\system32\drv43260.dll
2009-03-19 15:58 . 2006-09-29 13:25 208,935 --a------ c:\windows\system32\drv33260.dll
2009-03-19 15:58 . 2006-09-29 13:26 176,165 --a------ c:\windows\system32\drv23260.dll
2009-03-19 15:58 . 2002-12-10 03:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2009-03-19 15:58 . 2007-03-18 21:37 65,602 --a------ c:\windows\system32\cook3260.dll
2009-03-19 15:58 . 2009-03-19 15:58 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-03-19 15:58 . 2009-03-19 15:58 47,360 --a------ c:\documents and settings\SABRINA\Application Data\pcouffin.sys
2009-03-18 21:16 . 2009-03-18 21:16 <REP> d-------- c:\windows\system32\LogFiles
2009-03-16 15:47 . 2009-04-08 12:59 <REP> d-------- c:\documents and settings\SABRINA\Application Data\WinButler
2009-03-16 15:47 . 2009-03-16 15:47 <REP> d-------- c:\documents and settings\SABRINA\Application Data\nidle
2009-03-16 15:31 . 2009-03-16 15:31 <REP> d-------- c:\program files\Shareaza
2009-03-16 15:31 . 2009-03-16 15:31 <REP> d-------- c:\documents and settings\SABRINA\Application Data\Shareaza
2009-03-16 15:22 . 2009-04-08 18:02 <REP> d-------- c:\program files\DNA
2009-03-16 15:22 . 2009-04-08 18:02 <REP> d-------- c:\documents and settings\SABRINA\Application Data\DNA
2009-03-14 22:06 . 2009-03-17 21:46 <REP> d-------- c:\documents and settings\SABRINA\Application Data\LimeWire
2009-03-14 21:58 . 2009-03-14 21:57 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-14 21:58 . 2009-03-14 21:57 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-14 21:57 . 2009-03-14 21:57 <REP> d-------- c:\program files\Java
2009-03-14 21:55 . 2009-03-15 23:15 <REP> d-------- c:\program files\LimeWire

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 16:00 --------- d-----w c:\program files\Norton Security Scan
2009-03-16 13:18 --------- d-----w c:\program files\eMule
2009-02-27 02:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 13:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 13:41 --------- d-----w c:\program files\Mysteryville
2009-02-20 13:40 --------- d-----w c:\program files\bfgclient
2009-02-20 13:40 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-02-20 13:38 --------- d-----w c:\program files\Boonty
2009-02-20 13:20 --------- d-----w c:\program files\ReflexiveArcade
2008-03-31 19:14 0 ----a-w c:\program files\temp01
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-16 321344]
"WinButler"="c:\documents and settings\SABRINA\Application Data\WinButler\WinButler.exe" [2008-01-28 180736]
"nidle"="c:\documents and settings\SABRINA\Application Data\nidle\nidle.exe" [2009-03-16 56832]
"SfKg6wIPu"="c:\documents and settings\SABRINA\Application Data\Microsoft\Windows\gmdvq.exe" [2008-01-28 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsgCenterExe"="c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-11-20 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-03-03 282624]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-20 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-10-30 262144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\SABRINA\\Local Settings\\Application Data\\Chat Republic Games\\Superstar Racing\\ChatRepublicPlayer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

.
Contenu du dossier 'Tâches planifiées'

2009-04-08 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 04:08]

2009-04-08 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{6c8b9a49-6e4e-4c09-8f9a-93d8e096872c} - c:\windows\system32\afeelr.dll
BHO-{C3969953-2FC3-4090-86AD-A4B9E4D132A9} - c:\windows\system32\cbXqoPFw.dll
HKLM-Run-9cf7b5f4 - c:\windows\system32\piihvkaj.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
ShellExecuteHooks-{a6ca484b-fc23-4802-88c2-d07958d84d27} - c:\windows\system32\afeelr.dll


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/ig?hl=fr
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?cb3cb88499614243b30325f5732904be
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?cb3cb88499614243b30325f5732904be
TCP: {148C32B3-A8B5-47DA-AAA1-86BB81935F3B} = 193.74.208.65,193.74.208.135
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game14.zylom.com/activex/zylomgamesplayer.cab
DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} - hxxp://www.superstarracing.net/miniclip/ChatRepublicPlayer.cab
.
.
------- Associations de fichier -------
.
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 18:05:53
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-04-08 18:10:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-08 16:10:03

Avant-CF: 66 818 490 368 octets libres
Après-CF: 69,269,045,248 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

295 --- E O F --- 2009-03-12 02:01:38
Destrio5 - Posts: 99820 - Status: Moderator
 
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, accept.
---> Once the update is finished, go to the Scanner tab.
---> Select Perform full scan.
---> Click Scan. The analysis starts; the scan is relatively long, which is normal.

At the end of the analysis, a message is displayed:

The scan completed successfully. Click 'Show Results' to display all objects found.

---> Click OK to continue. If MBAM found nothing, it will tell you so as well.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
mike769 - Posts: 4 - Status: Member
 
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1952
Windows 5.1.2600 Service Pack 2

08/04/2009 19:28:54
mbam-log-2009-04-08 (19-28-54).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 107720
Temps écoulé: 56 minute(s), 21 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 167

Processus mémoire infecté(s):
C:\Documents and Settings\SABRINA\Application Data\WinButler\WinButler.exe (Adware.WinButler) -> Unloaded process successfully.
C:\Documents and Settings\SABRINA\Application Data\nidle\nidle.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\SABRINA\Application Data\Microsoft\Windows\gmdvq.exe (Adware.WinButler) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\torrentmanager.webmanager (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\torrentmanager.webmanager.1 (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winbutler (Adware.WinButler) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{970cc246-0d83-4ffa-9832-62f19b4505cb} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3ffbbd07-eb2d-4305-982b-21da43ded39c} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinButler (Adware.WinButler) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winbutler (Adware.WinButler) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nidle (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipu (Adware.WinButler) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\SABRINA\Application Data\nidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Skins (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Support (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\ZM (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Documents and Settings\SABRINA\Application Data\WinButler (Adware.WinButler) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
Destrio5, Posts: 99820, Status: Moderator, 10 305
 
---> Relaunch MBAM, go to Quarantine and delete everything.

---> Start menu > Run > Type combofix /u and confirm.

---> Run an RSIT scan again and post the log report.