Sujet Précédent Sujet Suivant

[Virus] Infecté par spy sheriff

Fermé
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010 - 17 mai 2006 à 12:08
 bernie61 - 20 mai 2006 à 20:12
Bonjour à tous me revoilà dans le monde de la misère ! Voila j'ai acheté un nouveau pc ! j'installe ma connexion et je dl 2 ou 3 trucs et le fameux Spysheriff s'immisce sournoisement. Je crois que j'ai un Backoor - haxdoor un truc comme ça que je n'ai pas vraiment pu identifier !

Vous aviez été ultra performant la dernière fois ! Merci de bien vouloir m'aider a nouveau !

28 réponses

  • 1
  • 2
Réponse 1 / 28
aranjuez31 Messages postés 8052 Date d'inscription lundi 7 novembre 2005 Statut Contributeur Dernière intervention 9 juillet 2006 354
17 mai 2006 à 12:19
hello

Spyaxe, Spysheriff, Antivirus Gold, détournement de bureau (desktop hijack) ?
Télécharger ceci (merci a S!RI pour ce petit programme) :
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
L'exécuter, puis double-cliquer sur Smitfraudfix.cmd
Choisir l’option 1, il va générer un rapport
Copier-coller ce dernier dans un message sur le forum.
En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php
----------------------------------------------------------------------------
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du PC sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, redémarre en mode normal, copie-colle le rapport sauvegardé sur le forum.
=============
puis
7/ - Hijackthis - Outil de diagnostic et réparation
lire démo
http://pageperso.aol.fr/balltrap34/Hijenr.gif
http://pageperso.aol.fr/balltrap34/demohijack.htm
Télécharge version française ici
http://telechargement.zebulon.fr/160-patch-francais-pour-hijackthis-1991.html
Au boulot – Bon courage

0
Réponse 2 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
17 mai 2006 à 15:38
SmitFraudFix v2.44

Rapport fait à 15:38:28,85, 17/05/2006
Executé à partir de C:\Documents and Settings\gilou\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\secure32.html PRESENT !
C:\uniq PRESENT !
C:\winstall.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\gilou\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\gilou\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\secure32.html PRESENT !
C:\Program Files\SpySheriff\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 3 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
17 mai 2006 à 15:47
SmitFraudFix v2.44

Rapport fait à 15:43:21,48, 17/05/2006
Executé à partir de C:\Documents and Settings\gilou\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\secure32.html supprimé
C:\uniq supprimé
C:\winstall.exe supprimé
C:\Program Files\secure32.html supprimé
C:\Program Files\SpySheriff\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin

et celui de hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 15:44:43, on 17/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00006.exe"
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] C:\WINDOWS\winsock\csrss.exe
O4 - HKLM\..\Run: [ed95706d.exe] C:\WINDOWS\System32\ed95706d.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
0
Réponse 4 / 28
aranjuez31 Messages postés 8052 Date d'inscription lundi 7 novembre 2005 Statut Contributeur Dernière intervention 9 juillet 2006 354
17 mai 2006 à 16:10
re
ya encore des merdes d un autre genre
========
Installer L2mfix là (nettoie ligne O20 de Hijackthis)

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
http://users.skynet.be/BernieClub/tools.html

A/ Phase1
1. extraire le fichier sur le bureau
2. désactiver l'antivirus (car process est détecté faussement comme virus malware par certains antivirus)
3. lancer l2mfix.bat et sélectionner l'option #1 et faire Enter pour faire apparaître le log (cela prend qqs minutes)
4. Copie le log et colle sur un FORUM approprié pour une aide (par ex CMC sécurité/virus)

B/ Phase 2
5. Ferme toutes tes fenêtres windows
6. Relances l2mfix.bat et sélectionne l'option #2
7. l'ordi va redémarrer automatiquement sinon le faire manuellement
8. Recopie le log et colle-le à nouveau sur un FORUM approprié pour une aide
9. Lances un Hijackthis http://www.merijn.org/files/hijackthis.zip ou là http://users.skynet.be/BernieClub/tools.html
tu le lances " Do a system scan and save log " et tu copie/colle le rapport sur un FORUM approprié pour une aide (avec cliq droit de la souris).

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
17 mai 2006 à 16:19
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xptptt]
"secureUID"="[148769881904254464]"
"DllName"=hex(2):78,00,70,00,74,00,70,00,74,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"Startup"="MmPageScan"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extension de l'interpr‚teur de commande pour Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

No matches found.
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 50A0-2F7C

R‚pertoire de C:\WINDOWS\System32

16/05/2006 22:53 <REP> dllcache
16/05/2006 22:02 174ÿ592 inetsec.exe
16/05/2006 22:00 <REP> Microsoft
16/05/2006 21:46 174ÿ592 wnsec.exe
2 fichier(s) 349ÿ184 octets
2 R‚p(s) 128ÿ982ÿ511ÿ616 octets libres
0
Réponse 6 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
17 mai 2006 à 16:27
L2mfix 051206
Creating Account.
La commande s'est termin‚e correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (804)
Killing 'winlogon.exe'
winlogon.exe (876)
Killing 'explorer.exe'
explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00011.exe" (1844)
Killing 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xptptt]
"secureUID"="[148769881904254464]"
"DllName"=hex(2):78,00,70,00,74,00,70,00,74,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"Startup"="MmPageScan"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
0
Réponse 7 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
17 mai 2006 à 16:30
Logfile of HijackThis v1.99.1
Scan saved at 16:31:38, on 17/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\0mcamcap.exe
C:\Program Files\mkwi.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\gilou\Local Settings\Application Data\ed95706d.exe
C:\WINDOWS\system32\inetsec.exe
C:\WINDOWS\system32\wnsec.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\qvmd.exe
c:\Program Files\mkwi.exe
C:\WINDOWS\System32\wuauclt.exe
c:\Program Files\mkwi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\mkwi.exe
c:\Program Files\mkwi.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00016.exe"
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] C:\WINDOWS\winsock\csrss.exe
O4 - HKLM\..\Run: [ed95706d.exe] C:\WINDOWS\System32\ed95706d.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\Run: [SysTray] c:\Program Files\mkwi.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ed95706d.exe] C:\Documents and Settings\gilou\Local Settings\Application Data\ed95706d.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O17 - HKLM\System\CCS\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.146 86.64.145.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.146 86.64.145.146
O17 - HKLM\System\CS2\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.143 86.64.145.143
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
0
Réponse 8 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
17 mai 2006 à 17:42
Je vois que le travail me concernant est colossal ! :)
0
Réponse 9 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
17 mai 2006 à 18:39
bon j'ai installé spysweeper ! Il a bien nettoyé mais j'ai encore spysheriff et un trojan backdoor
0
Réponse 10 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
17 mai 2006 à 18:56
Voila mon dernier Kijack ! Please HOO grand shaman ! 2coute mes prière ! LOL

Bon ben si quelqu'un peut m'aider je promet de bruler plusieurs cièrge a la grande prophetesse Candy the great ! :)


Logfile of HijackThis v1.99.1
Scan saved at 18:55:02, on 17/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\inetsec.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wnsec.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\adv.exe
c:\egmk.exe
C:\WINDOWS\TEMP\adv.exe
c:\egmk.exe
c:\qvmd.exe
c:\qvmd.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00035.exe"
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] C:\WINDOWS\winsock\csrss.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O17 - HKLM\System\CCS\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.144 86.64.145.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.144 86.64.145.144
O17 - HKLM\System\CS2\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.146 86.64.145.146
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
0
Utilisateur anonyme
17 mai 2006 à 19:21
Salut,

Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X, pour le faire fonctionner,
une fois qu'il a terminé colle le rapport ici stp avec un nouveau rapport hijackthis

https://www.bitdefender.com/toolbox/
0
Réponse 11 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
17 mai 2006 à 19:58
Salut et Merci de bien vouloir m'aider !

Le scan bitdefender:

Scanned File


Status

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\kbaih[1].txt


Infected with: GenPack:Trojan.Startpage.LM

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\kbaih[1].txt


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\kbaih[1].txt


Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[1].htm


Infected with: Trojan.SpySheriff.C

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[1].htm


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[1].htm


Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[2].htm


Infected with: Trojan.SpySheriff.C

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[2].htm


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[2].htm


Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\rphaj[1].txt


Suspected of: BehavesLike:Trojan.ShellStartup

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\rphaj[1].txt


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\rphaj[1].txt


Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\ltbmlkw[1].htm


Infected with: Trojan.SpySheriff.C

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\ltbmlkw[1].htm


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\ltbmlkw[1].htm


Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\kbaih[1].txt


Infected with: GenPack:Trojan.Startpage.LM

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\kbaih[1].txt


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\kbaih[1].txt


Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[1].exe


Suspected of: BehavesLike:Trojan.Downloader

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[1].exe


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[1].exe


Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[2].exe


Suspected of: BehavesLike:Trojan.Downloader

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[2].exe


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[2].exe


Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\kbaih[1].txt


Infected with: GenPack:Trojan.Startpage.LM

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\kbaih[1].txt


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\kbaih[1].txt


Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\lctfamlw[1].txt


Infected with: Win32.Worm.Mytob.FR

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\lctfamlw[1].txt


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\lctfamlw[1].txt


Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\ltbmlkw[1].htm


Infected with: Trojan.SpySheriff.C

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\ltbmlkw[1].htm


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\ltbmlkw[1].htm


Deleted

C:\egmk.exe


Suspected of: BehavesLike:Trojan.ShellStartup

C:\egmk.exe


Disinfection failed

C:\egmk.exe


Delete failed

C:\Program Files\ibyxmjll.exe


Infected with: GenPack:Trojan.Startpage.LM

C:\Program Files\ibyxmjll.exe


Disinfection failed

C:\Program Files\ibyxmjll.exe


Deleted

C:\Program Files\mkwi.exe


Infected with: GenPack:Trojan.Startpage.LM

C:\Program Files\mkwi.exe


Disinfection failed

C:\Program Files\mkwi.exe


Delete failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E965070.exe


Infected with: Win32.Sality.E

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E965070.exe


Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E965070.exe


Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42E05C8A.exe


Infected with: Win32.Sality.E

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42E05C8A.exe


Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42E05C8A.exe


Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55374C2C.exe


Infected with: Win32.Sality.E

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55374C2C.exe


Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55374C2C.exe


Deleted

C:\Program Files\secure32.html


Infected with: Trojan.SpySheriff.C

C:\Program Files\secure32.html


Disinfection failed

C:\Program Files\secure32.html


Deleted

C:\read1write.exe


Suspected of: BehavesLike:Trojan.Downloader

C:\read1write.exe


Disinfection failed

C:\read1write.exe


Deleted

C:\secure32.html


Infected with: Trojan.SpySheriff.C

C:\secure32.html


Disinfection failed

C:\secure32.html


Deleted

C:\WINDOWS\system32\bios.rom


Infected with: Backdoor.BotGet.FtpB.Gen

C:\WINDOWS\system32\bios.rom


Deleted

C:\WINDOWS\system32\i


Infected with: Backdoor.BotGet.FtpB.Gen

C:\WINDOWS\system32\i


Deleted

C:\WINDOWS\system32\inetsec.exe


Infected with: GenPack:Backdoor.SDBot.F3D4DA9D

C:\WINDOWS\system32\inetsec.exe


Disinfection failed

C:\WINDOWS\system32\inetsec.exe


Delete failed

C:\WINDOWS\system32\net.ini


Infected with: Backdoor.BotGet.FtpB.Gen

C:\WINDOWS\system32\net.ini


Deleted

C:\WINDOWS\system32\noise.eng


Clean

C:\WINDOWS\system32\noise.enu


Clean

C:\WINDOWS\system32\noise.esn


Clean

C:\WINDOWS\system32\noise.fra


Clean

C:\WINDOWS\system32\noise.ita


Clean

C:\WINDOWS\system32\noise.nld


Clean

C:\WINDOWS\system32\noise.sve


Clean

C:\WINDOWS\system32\noise.tha


Clean

C:\WINDOWS\system32\notepad.exe


Clean

C:\WINDOWS\system32\npp\ndisnpp.dll


Clean

C:\WINDOWS\system32\npp\nppagent.exe


Clean

C:\WINDOWS\system32\npptools.dll


Clean

C:\WINDOWS\system32\nscompat.tlb


Clean

C:\WINDOWS\system32\nslookup.exe


Clean

C:\WINDOWS\system32\ntbackup.exe


Clean

C:\WINDOWS\system32\ntdll.dll


Clean

C:\WINDOWS\system32\ntdos.sys


Clean

C:\WINDOWS\system32\ntdos404.sys


Clean

C:\WINDOWS\system32\ntdos411.sys


Clean

C:\WINDOWS\system32\ntdos412.sys


Clean

C:\WINDOWS\system32\ntdos804.sys


Clean

C:\WINDOWS\system32\ntdsapi.dll


Clean

C:\WINDOWS\system32\ntdsbcli.dll


Clean

C:\WINDOWS\system32\ntimage.gif


Clean

C:\WINDOWS\system32\ntio.sys


Clean

C:\WINDOWS\system32\ntio404.sys


Clean

C:\WINDOWS\system32\ntio411.sys


Clean

C:\WINDOWS\system32\ntio412.sys


Clean

C:\WINDOWS\system32\ntio804.sys


Clean

C:\WINDOWS\system32\ntkrnlpa.exe


Clean

C:\WINDOWS\system32\ntlanman.dll


Clean

C:\WINDOWS\system32\ntlanui.dll


Clean

C:\WINDOWS\system32\ntlanui2.dll


Clean

C:\WINDOWS\system32\ntlsapi.dll


Clean

C:\WINDOWS\system32\ntmarta.dll


Clean

C:\WINDOWS\system32\ntmsapi.dll


Clean

C:\WINDOWS\system32\ntmsdba.dll


Clean

C:\WINDOWS\system32\ntmsevt.dll


Clean

C:\WINDOWS\system32\ntmsmgr.dll


Clean

C:\WINDOWS\system32\ntmsmgr.msc


Clean

C:\WINDOWS\system32\ntmsoprq.msc


Clean

C:\WINDOWS\system32\ntmssvc.dll


Clean

C:\WINDOWS\system32\ntoskrnl.exe


Clean

C:\WINDOWS\system32\ntprint.dll


Clean

C:\WINDOWS\system32\ntsd.exe


Clean

C:\WINDOWS\system32\ntsdexts.dll


Clean

C:\WINDOWS\system32\ntshrui.dll


Clean

C:\WINDOWS\system32\ntvdm.exe


Clean

C:\WINDOWS\system32\ntvdmd.dll


Clean

C:\WINDOWS\system32\nusrmgr.cpl


Clean

C:\WINDOWS\system32\nw16.exe


Clean

C:\WINDOWS\system32\nwapi16.dll


Clean

C:\WINDOWS\system32\nwapi32.dll


Clean

C:\WINDOWS\system32\nwc.cpl


Clean

C:\WINDOWS\system32\nwc.cpl.manifest


Clean

C:\WINDOWS\system32\nwcfg.dll


Clean

C:\WINDOWS\system32\nwevent.dll


Clean

C:\WINDOWS\system32\nwprovau.dll


Clean

C:\WINDOWS\system32\nwscript.exe


Clean

C:\WINDOWS\system32\nwwks.dll


Clean

C:\WINDOWS\system32\oakley.dll


Clean

C:\WINDOWS\system32\objsel.dll


Clean

C:\WINDOWS\system32\occache.dll


Clean

C:\WINDOWS\system32\ocmanage.dll


Clean

C:\WINDOWS\system32\odbc16gt.dll


Clean

C:\WINDOWS\system32\odbc32.dll


Clean

C:\WINDOWS\system32\odbc32gt.dll


Clean

C:\WINDOWS\system32\odbcad32.exe


Clean

C:\WINDOWS\system32\odbcbcp.dll


Clean

C:\WINDOWS\system32\odbcconf.dll


Clean

C:\WINDOWS\system32\odbcconf.exe


Clean

C:\WINDOWS\system32\odbcconf.rsp


Clean

C:\WINDOWS\system32\odbccp32.cpl


Clean

C:\WINDOWS\system32\odbccp32.dll


Clean

C:\WINDOWS\system32\odbccr32.dll


Clean

C:\WINDOWS\system32\odbccu32.dll


Clean

C:\WINDOWS\system32\odbcint.dll


Clean

C:\WINDOWS\system32\odbcji32.dll


Clean

C:\WINDOWS\system32\odbcjt32.dll


Clean

C:\WINDOWS\system32\odbcp32r.dll


Clean

C:\WINDOWS\system32\odbctrac.dll


Clean

C:\WINDOWS\system32\oddbse32.dll


Clean

C:\WINDOWS\system32\odexl32.dll


Clean

C:\WINDOWS\system32\odfox32.dll


Clean

C:\WINDOWS\system32\odpdx32.dll


Clean

C:\WINDOWS\system32\odtext32.dll


Clean

C:\WINDOWS\system32\oembios.bin


Clean

C:\WINDOWS\system32\oembios.dat


Clean

C:\WINDOWS\system32\oembios.sig


Clean

C:\WINDOWS\system32\Oemdspif.dll


Clean

C:\WINDOWS\system32\offfilt.dll


Clean

C:\WINDOWS\system32\ole2.dll


Clean

C:\WINDOWS\system32\ole2disp.dll


Clean

C:\WINDOWS\system32\ole2nls.dll


Clean

C:\WINDOWS\system32\ole32.dll


Clean

C:\WINDOWS\system32\oleacc.dll


Clean

C:\WINDOWS\system32\oleaccrc.dll


Clean

C:\WINDOWS\system32\oleaut32.dll


Clean

C:\WINDOWS\system32\olecli.dll


Clean

C:\WINDOWS\system32\olecli32.dll


Clean

C:\WINDOWS\system32\olecnv32.dll


Clean

C:\WINDOWS\system32\oledlg.dll


Clean

C:\WINDOWS\system32\oleprn.dll


Clean

C:\WINDOWS\system32\olepro32.dll


Clean

C:\WINDOWS\system32\olesvr.dll


Clean

C:\WINDOWS\system32\olesvr32.dll


Clean

C:\WINDOWS\system32\olethk32.dll


Clean

C:\WINDOWS\system32\oobe\actsetup\actconn.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\actdone.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\activ.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\activerr.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\activsvc.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\actlan.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\adeskerr.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\adrdyreg.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\apolicy.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\aprvcyms.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\areg1.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\aregdial.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\aregdone.htm


Clean

C:\WINDOWS\system32\oobe\actsetup\aregsty2.css


Clean

C:\WINDOWS\system32\oobe\actsetup\aregstyl.css


Clean

C:\WINDOWS\system32\oobe\actsetup\ausrinfo.htm


Clean

C:\WINDOWS\system32\oobe\actshell.htm


Clean

C:\WINDOWS\system32\oobe\agtcore.js


Clean

C:\WINDOWS\system32\oobe\agtscrpt.js


Clean

C:\WINDOWS\system32\oobe\dialmgr.js


Clean

C:\WINDOWS\system32\oobe\dslmain.js


Clean

C:\WINDOWS\system32\oobe\dtsgnup.htm


Clean

C:\WINDOWS\system32\oobe\error\cnncterr.htm


Clean

C:\WINDOWS\system32\oobe\error\dialtone.htm


Clean

C:\WINDOWS\system32\oobe\error\hndshake.htm


Clean

C:\WINDOWS\system32\oobe\error\isp2busy.htm


Clean

C:\WINDOWS\system32\oobe\error\noanswer.htm


Clean

C:\WINDOWS\system32\oobe\error\pberr.htm


Clean

C:\WINDOWS\system32\oobe\error\pulse.htm


Clean

C:\WINDOWS\system32\oobe\error\toobusy.htm


Clean

C:\WINDOWS\system32\oobe\error.js


Clean

C:\WINDOWS\system32\oobe\html\dslmain\dslmain.htm


Clean

C:\WINDOWS\system32\oobe\html\dslmain\dsl_a.htm


Clean

C:\WINDOWS\system32\oobe\html\dslmain\dsl_b.htm


Clean

C:\WINDOWS\system32\oobe\html\iconnect\icntlast.htm


Clean

C:\WINDOWS\system32\oobe\html\iconnect\iconnect.htm


Clean

C:\WINDOWS\system32\oobe\html\isptype\isptype.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\bulzano.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\bulzanom.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but1_dwn.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but1_idl.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but1_up.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but2_dwn.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but2_idl.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but2_up.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but3_dwn.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but3_idl.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but3_up.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but4_dwn.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but4_idl.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\but4_up.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\clicking.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\desktop3.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\heidelb.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\heidelbm.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\mouse4.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\mouseimg.gif


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\paris.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\parism.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\pisa.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\pisam.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\prague.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\praguem.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\tyrol.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\tyrolm.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\venice.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\venicem.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\verona.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\images\veronam.jpg


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse_a.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse_b.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse_c.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse_d.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse_e.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse_f.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse_g.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse_h.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse_i.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse_j.htm


Clean

C:\WINDOWS\system32\oobe\html\mouse\mouse_k.htm


Clean

C:\WINDOWS\system32\oobe\html\sconnect\scntlast.htm


Clean

C:\WINDOWS\system32\oobe\html\sconnect\sconnect.htm


Clean

C:\WINDOWS\system32\oobe\iconnect.js


Clean

C:\WINDOWS\system32\oobe\icserror\icsdc.htm


Clean

C:\WINDOWS\system32\oobe\icsmgr.js


Clean

C:\WINDOWS\system32\oobe\images\arrow.gif


Clean

C:\WINDOWS\system32\oobe\images\backdown.jpg


Clean

C:\WINDOWS\system32\oobe\images\backoff.jpg


Clean

C:\WINDOWS\system32\oobe\images\backover.jpg


Clean

C:\WINDOWS\system32\oobe\images\backup.jpg


Clean

C:\WINDOWS\system32\oobe\images\btn1.gif


Clean

C:\WINDOWS\system32\oobe\images\btn2.gif


Clean

C:\WINDOWS\system32\oobe\images\btn3.gif


Clean

C:\WINDOWS\system32\oobe\images\bullet1.gif


Clean

C:\WINDOWS\system32\oobe\images\clickerx.wav


Clean

C:\WINDOWS\system32\oobe\images\clickhr.gif


Clean

C:\WINDOWS\system32\oobe\images\dialtone.gif


Clean

C:\WINDOWS\system32\oobe\images\dialup.gif


Clean

C:\WINDOWS\system32\oobe\images\grn_btn.gif


Clean

C:\WINDOWS\system32\oobe\images\hand1.gif


Clean

C:\WINDOWS\system32\oobe\images\hand2.gif


Clean

C:\WINDOWS\system32\oobe\images\intro.wmv


Clean

C:\WINDOWS\system32\oobe\images\magnify.gif


Clean

C:\WINDOWS\system32\oobe\images\merlin.gif


Clean

C:\WINDOWS\system32\oobe\images\monitor.gif


Clean

C:\WINDOWS\system32\oobe\images\monitor2.gif


Clean

C:\WINDOWS\system32\oobe\images\mouse.gif


Clean

C:\WINDOWS\system32\oobe\images\mousewn1.gif


Clean

C:\WINDOWS\system32\oobe\images\mslogo.jpg


Clean

C:\WINDOWS\system32\oobe\images\newbtm1.jpg


Clean

C:\WINDOWS\system32\oobe\images\newbtm8.jpg


Clean

C:\WINDOWS\system32\oobe\images\newmark1.jpg


Clean

C:\WINDOWS\system32\oobe\images\newmark8.jpg


Clean

C:\WINDOWS\system32\oobe\images\newtop1.jpg


Clean

C:\WINDOWS\system32\oobe\images\newtop8.jpg


Clean

C:\WINDOWS\system32\oobe\images\nextdown.jpg


Clean

C:\WINDOWS\system32\oobe\images\nextoff.jpg


Clean

C:\WINDOWS\system32\oobe\images\nextover.jpg


Clean

C:\WINDOWS\system32\oobe\images\nextup.jpg


Clean

C:\WINDOWS\system32\oobe\images\oemcoa.jpg


Clean

C:\WINDOWS\system32\oobe\images\oemlogo.gif


Clean

C:\WINDOWS\system32\oobe\images\prodkey.gif


Clean

C:\WINDOWS\system32\oobe\images\progress.gif


Clean

C:\WINDOWS\system32\oobe\images\qmark.acs


Clean

C:\WINDOWS\system32\oobe\images\qmark.gif


Clean

C:\WINDOWS\system32\oobe\images\skipdown.jpg


Clean

C:\WINDOWS\system32\oobe\images\skipoff.jpg


Clean

C:\WINDOWS\system32\oobe\images\skipover.jpg


Clean

C:\WINDOWS\system32\oobe\images\skipup.jpg


Clean

C:\WINDOWS\system32\oobe\images\thanks10.png


Clean

C:\WINDOWS\system32\oobe\images\thanks8.png


Clean

C:\WINDOWS\system32\oobe\images\title.wma


Clean

C:\WINDOWS\system32\oobe\images\wpaback.jpg


Clean

C:\WINDOWS\system32\oobe\images\wpabtm.jpg


Clean

C:\WINDOWS\system32\oobe\images\wpaflag.jpg


Clean

C:\WINDOWS\system32\oobe\images\wpakey.jpg


Clean

C:\WINDOWS\system32\oobe\images\wpatop.jpg


Clean

C:\WINDOWS\system32\oobe\isperror\ispcnerr.htm


Clean

C:\WINDOWS\system32\oobe\isperror\ispdtone.htm


Clean

C:\WINDOWS\system32\oobe\isperror\isphdshk.htm


Clean

C:\WINDOWS\system32\oobe\isperror\ispins.htm


Clean

C:\WINDOWS\system32\oobe\isperror\ispnoanw.htm


Clean

C:\WINDOWS\system32\oobe\isperror\isppberr.htm


Clean

C:\WINDOWS\system32\oobe\isperror\ispphbsy.htm


Clean

C:\WINDOWS\system32\oobe\isperror\ispsbusy.htm


Clean

C:\WINDOWS\system32\oobe\isptype.js


Clean

C:\WINDOWS\system32\oobe\migip.dun


Clean

C:\WINDOWS\system32\oobe\migrate.isp


Clean

C:\WINDOWS\system32\oobe\migrate.js


Clean

C:\WINDOWS\system32\oobe\migrate.obe


Clean

C:\WINDOWS\system32\oobe\migx25a.dun


Clean

C:\WINDOWS\system32\oobe\migx25b.dun


Clean

C:\WINDOWS\system32\oobe\migx25c.dun


Clean

C:\WINDOWS\system32\oobe\mousetut.js


Clean

C:\WINDOWS\system32\oobe\msobcomm.dll


Clean

C:\WINDOWS\system32\oobe\msobdl.dll


Clean

C:\WINDOWS\system32\oobe\msobe.isp


Clean

C:\WINDOWS\system32\oobe\msobmain.dll


Clean

C:\WINDOWS\system32\oobe\msobshel.dll


Clean

C:\WINDOWS\system32\oobe\msobshel.htm


Clean

C:\WINDOWS\system32\oobe\msobweb.dll


Clean

C:\WINDOWS\system32\oobe\msoobe.exe


Clean

C:\WINDOWS\system32\oobe\obeip.dun


Clean

C:\WINDOWS\system32\oobe\oobebaln.exe


Clean

C:\WINDOWS\system32\oobe\oobeinfo.ini


Clean

C:\WINDOWS\system32\oobe\oobeutil.js


Clean

C:\WINDOWS\system32\oobe\phone.inf


Clean

C:\WINDOWS\system32\oobe\phone.obe


Clean

C:\WINDOWS\system32\oobe\reg.isp


Clean

C:\WINDOWS\system32\oobe\regerror\rcnterr.htm


Clean

C:\WINDOWS\system32\oobe\regerror\rdtone.htm


Clean

C:\WINDOWS\system32\oobe\regerror\rhndshk.htm


Clean

C:\WINDOWS\system32\oobe\regerror\rnoansw.htm


Clean

C:\WINDOWS\system32\oobe\regerror\rnomdm.htm


Clean

C:\WINDOWS\system32\oobe\regerror\rpberr.htm


Clean

C:\WINDOWS\system32\oobe\regerror\rpulse.htm


Clean

C:\WINDOWS\system32\oobe\regerror\rtoobusy.htm


Clean

C:\WINDOWS\system32\oobe\sconnect.js


Clean

C:\WINDOWS\system32\oobe\setup\acterror.htm


Clean

C:\WINDOWS\system32\oobe\setup\activate.htm


Clean

C:\WINDOWS\system32\oobe\setup\act_plcy.htm


Clean

C:\WINDOWS\system32\oobe\setup\badeula.htm


Clean

C:\WINDOWS\system32\oobe\setup\badpkey.htm


Clean

C:\WINDOWS\system32\oobe\setup\compname.htm


Clean

C:\WINDOWS\system32\oobe\setup\dialup.htm


Clean

C:\WINDOWS\system32\oobe\setup\drdyisp.htm


Clean

C:\WINDOWS\system32\oobe\setup\drdymig.htm


Clean

C:\WINDOWS\system32\oobe\setup\drdyoem.htm


Clean

C:\WINDOWS\system32\oobe\setup\drdyref.htm


Clean

C:\WINDOWS\system32\oobe\setup\dtiwait.htm


Clean

C:\WINDOWS\system32\oobe\setup\fini.htm


Clean

C:\WINDOWS\system32\oobe\setup\hnwprmpt.htm


Clean

C:\WINDOWS\system32\oobe\setup\iconn.htm


Clean

C:\WINDOWS\system32\oobe\setup\ics.htm


Clean

C:\WINDOWS\system32\oobe\setup\ident1.htm


Clean

C:\WINDOWS\system32\oobe\setup\ident2.htm


Clean

C:\WINDOWS\system32\oobe\setup\isp.htm


Clean

C:\WINDOWS\system32\oobe\setup\ispwait.htm


Clean

C:\WINDOWS\system32\oobe\setup\jndomain.htm


Clean

C:\WINDOWS\system32\oobe\setup\jndom_a.htm


Clean

C:\WINDOWS\system32\oobe\setup\keybd.htm


Clean

C:\WINDOWS\system32\oobe\setup\keybdcmt.htm


Clean

C:\WINDOWS\system32\oobe\setup\migdial.htm


Clean

C:\WINDOWS\system32\oobe\setup\miglist.htm


Clean

C:\WINDOWS\system32\oobe\setup\migpage.htm


Clean

C:\WINDOWS\system32\oobe\setup\neweula.htm


Clean

C:\WINDOWS\system32\oobe\setup\neweula2.htm


Clean

C:\WINDOWS\system32\oobe\setup\oempriv.htm


Clean

C:\WINDOWS\system32\oobe\setup\oobestyl.css


Clean

C:\WINDOWS\system32\oobe\setup\prodkey.htm


Clean

C:\WINDOWS\system32\oobe\setup\prvcyms.htm


Clean

C:\WINDOWS\system32\oobe\setup\refdial.htm


Clean

C:\WINDOWS\system32\oobe\setup\reg1.htm


Clean

C:\WINDOWS\system32\oobe\setup\reg3.htm


Clean

C:\WINDOWS\system32\oobe\setup\regdial.htm


Clean

C:\WINDOWS\system32\oobe\setup\security.htm


Clean

C:\WINDOWS\system32\oobe\setup\timezone.htm


Clean

C:\WINDOWS\system32\oobe\setup\username.htm


Clean

C:\WINDOWS\system32\oobe\setup\welcome.htm


Clean

C:\WINDOWS\system32\openfiles.exe


Clean

C:\WINDOWS\system32\opengl32.dll


Clean

C:\WINDOWS\system32\osk.exe


Clean

C:\WINDOWS\system32\osuninst.dll


Clean

C:\WINDOWS\system32\osuninst.exe


Clean

C:\WINDOWS\system32\packager.exe


Clean

C:\WINDOWS\system32\pagefileconfig.vbs


Clean

C:\WINDOWS\system32\panmap.dll


Clean

C:\WINDOWS\system32\paqsp.dll


Clean

C:\WINDOWS\system32\pathping.exe


Clean

C:\WINDOWS\system32\pautoenr.dll


Clean

C:\WINDOWS\system32\pcl.sep


Clean

C:\WINDOWS\system32\pdh.dll


Clean

C:\WINDOWS\system32\pentnt.exe


Clean

C:\WINDOWS\system32\perfc009.dat


Clean

C:\WINDOWS\system32\perfc00C.dat


Clean

C:\WINDOWS\system32\perfci.h


Clean

C:\WINDOWS\system32\perfci.ini


Clean

C:\WINDOWS\system32\perfctrs.dll


Clean

C:\WINDOWS\system32\perfd009.dat


Clean

C:\WINDOWS\system32\perfd00C.dat


Clean

C:\WINDOWS\system32\vbnet.ini


Infected with: Backdoor.BotGet.FtpB.Gen

C:\WINDOWS\system32\vbnet.ini


Deleted

C:\WINDOWS\system32\wnsec.exe


Infected with: GenPack:Backdoor.SDBot.4E890FF4

C:\WINDOWS\system32\wnsec.exe


Disinfection failed

C:\WINDOWS\system32\wnsec.exe


Delete failed

C:\WINDOWS\Temp\adv.exe


Suspected of: BehavesLike:Trojan.Downloader

C:\WINDOWS\Temp\adv.exe


Disinfection failed

C:\WINDOWS\Temp\adv.exe


Deleted

C:\xxxjya.exe


Infected with: Win32.Worm.Mytob.FR

C:\xxxjya.exe


Disinfection failed

C:\xxxjya.exe


Deleted


Et celui de Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 19:55:45, on 17/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\inetsec.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wnsec.exe
c:\qvmd.exe
c:\egmk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
c:\Program Files\mkwi.exe
c:\Program Files\mkwi.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00038.exe"
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] C:\WINDOWS\winsock\csrss.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O17 - HKLM\System\CCS\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.140 84.103.237.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.140 84.103.237.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.144 84.103.237.144
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Merci d'avance !!!
0
Utilisateur anonyme
17 mai 2006 à 20:11
Fait ce nettoyage (à faire réguliérement)

¤Telecharges et installes ceci, dans la colonne de gauche cliques sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs

CCleaner:
Ccleaner

¤Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis cliques sur "lancer le nettoyage"


Clique sur demarrer, rechercher, cherche et supprime ces fichiers:

wnsec.exe
qvmd.exe
egmk.exe
csrss.exe <pas celui qu ise trouve dans /system32/
ibm00038.exe
inetsec.exe

si un fichier persiste lors de la suppression fais ceci:
-Redemarres ton pc, dès l'allumage de celui ci tapotes la touche f8, à l'ecran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers, vides ta corbeille et redemarres normalement


Puis remets un rapport hijackthis, pense à redemarrer ton Pc avant de remettre un rapport hijackthis
0
Réponse 12 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
17 mai 2006 à 20:41
Voila le rapport et encore merci !

Je n'ai pas trouvé le fichier ibm00038.exe sinon j'ai tout viré !

Logfile of HijackThis v1.99.1
Scan saved at 20:40:40, on 17/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\inetsec.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wnsec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\egmk.exe
c:\egmk.exe
C:\WINDOWS\System32\wuauclt.exe
c:\qvmd.exe
c:\Program Files\mkwi.exe
c:\Program Files\mkwi.exe
c:\jrhowp.exe
C:\WINDOWS\System32\0mcamcap.exe
C:\WINDOWS\System32\TheMatrixHasYou.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00040.exe"
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SysTray] c:\Program Files\mkwi.exe
O4 - HKLM\..\Run: [ed95706d.exe] C:\WINDOWS\System32\ed95706d.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O17 - HKLM\System\CCS\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.143 84.103.237.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.143 84.103.237.143
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
0
Utilisateur anonyme
17 mai 2006 à 20:46
c'est grade !!

Telecharge, installe puis mets à jour ce logiciel, une fois que c'est fait, fais un scan complet de ton systeme et colle le rapport ici
Ewido:
Ewido Security Suite


ensuite, redemarre ton Pc puis remets un nouveau rapport hijackthis
0
abadon Messages postés 1 Date d'inscription mercredi 17 mai 2006 Statut Membre Dernière intervention 17 mai 2006
17 mai 2006 à 20:48
VOICI LE RAPPORT SI QUELQU'UN VEUT BIEN M'AIDER


SmitFraudFix v2.44

Rapport fait à 20:41:48,71, 17/05/2006
Executé à partir de C:\Documents and Settings\MARC ANDRE\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MARC ANDRE\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARCAN~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Utilisateur anonyme > abadon Messages postés 1 Date d'inscription mercredi 17 mai 2006 Statut Membre Dernière intervention 17 mai 2006
17 mai 2006 à 20:55
Mais ça sur ton post stp pas ici MERCI!
0
Réponse 13 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
17 mai 2006 à 21:53
Et voila maitre ! Ewido m'envoie pas mal d'alertes la :)


Logfile of HijackThis v1.99.1
Scan saved at 21:53:51, on 17/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\inetsec.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wnsec.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: xptptt - xptptt.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\System32\kgejohci.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
0
Utilisateur anonyme
17 mai 2006 à 22:40
j'aurai bien voulu le rapport Ewio :-(
0
Réponse 14 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
18 mai 2006 à 09:44
Désolé pour le retard !

Voici le rapport ewido suivit de celui de hijack :


ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 09:37:29, 18/05/2006
+ Somme de contrôle: B253A405

+ Résultats du scan:

:mozilla.8:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.9:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.10:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.11:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Application Data\ed95706d.exe -> Downloader.Small.csn : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\hsamlkiu[1].txt -> Proxy.Small.bo : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\lgkjvgc[1].txt -> Downloader.Small.csn : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\upxwut[1].txt -> Hijacker.Small.kr : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\lkfecbamt[1].txt -> Not-A-Virus.Hoax.Win32.Renos.dc : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\mhcbl[1].txt -> Trojan.Sinowal.m : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\rmhtf[1].txt -> Not-A-Virus.Hoax.Win32.Renos.bw : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Snap : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe -> Trojan.Snap : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Snap : Nettoyer et sauvegarder
C:\Program Files\__delete_on_reboot__ksjedvj.exe -> Not-A-Virus.Hoax.Win32.Renos.dc : Nettoyer et sauvegarder
C:\WINDOWS\system32\0mcamcap.exe -> Proxy.Small.bo : Nettoyer et sauvegarder
C:\WINDOWS\system32\ed95706d.exe -> Downloader.Small.csn : Nettoyer et sauvegarder


::Fin du rapport

--------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 09:43:21, on 18/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\inetsec.exe
C:\WINDOWS\system32\wnsec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SysTray] c:\Program Files\ksjedvj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: xptptt - xptptt.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\System32\kgejohci.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe


MErci d'avance !
0
Utilisateur anonyme
18 mai 2006 à 10:31
Salut,

1.Refais un nettoyage avec Ccleaner

2.Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O20 - Winlogon Notify: xptptt - xptptt.dll (file missing)

3.Clique sur demarrer, panneau de configuration, connexions et reseau internet, option internet, dans l'onglet "general" entre ce lien: https://www.google.fr/?gws_rd=ssl

4.Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X, pour le faire fonctionner,
une fois qu'il a terminé colle le rapport ici stp

_Online Scanner
_Kaspersky Online Scanner
_My Computer

https://www.kaspersky.fr/downloads

0
Réponse 15 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
18 mai 2006 à 11:34
Merci Boulepate ! Je suis au boulot la, ce midi je rentre et je fais tout ça !

Bonne journée !
0
Réponse 16 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
18 mai 2006 à 13:10
Et voila ! Je suppose que je dois fix les problemes ???

Merci.

Scan Statistics
Total number of scanned objects 21213
Number of viruses found 18
Number of infected objects 303
Number of suspicious objects 0
Duration of the scan process 00:06:58

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\ed95706d.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\lkfecbamt[2].txt Infected: not-virus:Hoax.Win32.Renos.dc skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\mhcbl[1].txt Infected: Trojan-PSW.Win32.Sinowal.m skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\upxwut[1].txt Infected: Trojan-Clicker.Win32.Small.kr skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\cxwivnm[1].txt Infected: Trojan-Spy.Win32.Goldun.jz skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\hsamlkiu[2].txt Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\lgkjvgc[1].txt Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\ltbmlkw[1].htm Infected: Trojan.Win32.Harnig.a skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\rmhtf[1].txt Infected: not-virus:Hoax.Win32.Renos.cn skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\jezxjvuwr[1].htm Infected: Trojan.Win32.Harnig.a skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\015664BB.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\015D38B4.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\015D38B4.sys Infected: Backdoor.Win32.Haxdoor.im skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\018E2E7E.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01A87E61.exe Infected: Backdoor.Win32.SdBot.anx skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01B86FB8.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01BB7A4C.exe Infected: Backdoor.Win32.PoeBot.c skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0312461F.txt Infected: Trojan-Proxy.Win32.Wopla.r skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05770A4D.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0588688F.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\058C0419.sys Infected: Backdoor.Win32.Haxdoor.im skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05DD0054.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06626524.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06A96C63.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06D12ABA.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07A369CC.exe Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07A369CC.txt Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07CB61A1.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07CB61A1.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07EE2F79.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07EE2F79.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08127D52.exe Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0816274E.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0816274E.txt Infected: Trojan-Proxy.Win32.Wopla.r skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0826793C.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08292339.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\082C4D35.EXE Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0833212E.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\083A7527.EXE Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\083D1F23.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0843731C.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\084D7111.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0854450A.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\085D42FF.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08616CFC.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\086740F4.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\086B6AF1.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\086E14ED.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08713EEA.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\087468E6.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\087B3CDF.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\088110D8.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08853AD4.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\088B0ECD.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\089262C6.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\089836BE.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\089C60BB.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08A234B4.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08A908AC.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08AC32A9.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08AF5CA5.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08B6309E.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08B95A9A.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08BC0497.EXE Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08C35890.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08CC5685.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08D00081.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08D32A7E.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08D6547A.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08DD2873.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08E0526F.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08E37C6C.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08E72668.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08EA5065.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08ED7A61.EXE Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08F0245D.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08F44E5A.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08F77856.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08FA2253.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08FD4C4F.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0901764B.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09042048.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090B7441.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090E1E3D.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09114839.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09147236.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09181C32.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\091B462F.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\091E702B.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09211A27.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09254424.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09286E20.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\092B181D.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\092E4219.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09326C16.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09351612.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\093C6A0B.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09423E04.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09456800.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\094911FC.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\094C3BF9.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\094F65F5.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\095639EE.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\095963EA.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\095C0DE7.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\095F37E3.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\096361E0.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09660BDC.EXE Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\096935D8.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\096D5FD5.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\097009D1.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\097333CE.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09765DCA.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\097A07C6.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\097D31C3.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09805BBF.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\098305BC.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09872FB8.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\098A59B4.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\098D03B1.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09902DAD.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\099457AA.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\099701A6.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\099A2BA3.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\099D559F.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09A42998.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09A75394.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09AB7D91.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09AE278D.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09B15189.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09B47B86.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09B82582.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09BB4F7F.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09BE797B.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09C12377.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09C54D74.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09C87770.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09CB216D.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09CE4B69.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09D27565.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09D51F62.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09D8495E.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09DF1D57.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09E24753.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09E91B4C.exe Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09E91B4C.tmp Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A6B2ABD.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A727EB5.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A7528B2.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A7F26A7.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A8250A3.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A8C4E99.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A8F7895.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AA61E7C.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AA94878.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AAD7275.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AAD7275.txt Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AC06E5F.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AC3185C.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AC74258.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0ACA6C54.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AF40E26.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B0B340C.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B501E44.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CF223F5.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CFF4BE7.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D823720.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DAF2725.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DC3230F.dll Infected: Trojan-Proxy.Win32.Wopla.s skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DC3230F.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DD61EF9.dll Infected: Backdoor.Win32.Haxdoor.im skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DF418D9.dll Infected: Virus.Win32.Sality.k skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DFA6CD2.dll Infected: Backdoor.Win32.Haxdoor.im skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DFE16CE.tmp Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0EE25693.tmp Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1107464B.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11090C04.exe Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\117E1A95.txt Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11A47ECB.dll Infected: Trojan-Proxy.Win32.Wopla.s skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\123A2862.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12707040.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12ED741F.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\13061471.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\136C0A78.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\13D20080.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14387688.EXE Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\149D2DA7.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\156B589E.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\175E2960.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1C98024A.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1DCA6460.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1FE2491A.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\202F288E.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\23820DDF.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27DF1B2E.exe Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27DF1B2E.txt Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27E56F27.exe Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27E56F27.txt Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27E91923.exe Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27E91923.txt Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27EF6D1C.exe Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27EF6D1C.txt Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F31718.exe Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F31718.txt Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F64115.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F64115.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F96B11.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F96B11.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27FC150E.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27FC150E.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28003F0A.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28003F0A.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28036906.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28036906.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28061303.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28061303.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28093CFF.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28093CFF.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28271B6C.tmp Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28907A09.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\289F1292.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\289F1292.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\295A205F.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29C01667.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A037F0F.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A270C6E.EXE Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2C3517EA.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2E6730C6.tmp Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2FAA0270.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\342F4E91.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\36E92A83.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3ADD7105.txt Infected: Trojan-PSW.Win32.Sinowal.m skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BD37700.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3D4A6820.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3DFC703A.tmp Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3EEC5863.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3FE40135.exe Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\40147F79.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\40152255.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\407D6CB6.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\419A68DE.dll Infected: Backdoor.Win32.Haxdoor.im skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41CB3F3A.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41CE6937.exe Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4213707B.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42AC1042.txt Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42AF3A3F.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42B3643B.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\43465291.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\44123EA0.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\44EE17C6.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\46C90AB3.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\46F874F5.TXT Infected: Trojan-PSW.Win32.Sinowal.m skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\48DA241F.exe Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4B50468E.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4DA42C79.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4E097FA4.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F4D2A6C.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\500870A6.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\536D5C1B.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\54802741.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\579C105A.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58020661.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\59346878.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\596E6061.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\59EE6C94.exe Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5A005487.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5B992CA5.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C3533EE.txt Infected: Backdoor.Win32.Haxdoor.il skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C7405E3.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C8701CE.exe Infected: Trojan-Clicker.Win32.Small.kr skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C8B2BCA.txt Infected: Trojan-Clicker.Win32.Small.kr skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\623E7B84.txt Infected: Trojan-PSW.Win32.Sinowal.m skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\62422580.exe Infected: Trojan-PSW.Win32.Sinowal.m skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\62422580.txt Infected: Trojan-PSW.Win32.Sinowal.m skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\632C4C58.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63924260.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\645F2B91.tmp Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\652B1A7E.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\655B66CA.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\66AA1C02.tmp Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\672968A4.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6DF01C48.tmp Infected: Net-Worm.Win32.Bobic.n skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6FEF6A6E.EXE Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\70BB567D.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71835B5A.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71ED3893.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\72BA24A2.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\779739C3.txt Infected: Trojan-Proxy.Win32.Wopla.r skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79DF3E3C.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79F82C90.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7B193065.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7BE51C74.exe Infected: Virus.Win32.Sality.l skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7FB158BE.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\Program Files\secure32.html Infected: Trojan.Win32.Harnig.a skipped

C:\Program Files\__delete_on_reboot__ksjedvj.exe Infected: not-virus:Hoax.Win32.Renos.dc skipped

C:\qmnvlvvh.exe Infected: Trojan-Spy.Win32.Goldun.jz skipped

C:\secure32.html Infected: Trojan.Win32.Harnig.a skipped

C:\WINDOWS\system32\drivers\etc\1.hosts Infected: Trojan.Win32.Qhost skipped

C:\WINDOWS\system32\ed95706d.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

C:\WINDOWS\system32\TheMatrixHasYou.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\WINDOWS\system32\__delete_on_reboot__0mcamcap.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

C:\WINDOWS\system32\__delete_on_reboot__mmxeroxk.dll Infected: Trojan-Spy.Win32.Goldun.jz skipped

C:\winstall.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped

Scan process completed.
0
Réponse 17 / 28
aranjuez31 Messages postés 8052 Date d'inscription lundi 7 novembre 2005 Statut Contributeur Dernière intervention 9 juillet 2006 354
18 mai 2006 à 14:37
hello
1/ vide la quarantaine de Norton

2/ pour ceci :
C:\Documents and Settings\LocalService\Local Settings\Application Data\ed95706d.exe <==suis chemin et détruis cette terminologie

3/ pour ceux-là : vire fichiers temporaires

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\lkfecbamt[2].txt
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\mhcbl[1].txt
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\upxwut[1].txt
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\cxwivnm[1].txt
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\hsamlkiu[2].txt
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\lgkjvgc[1].txt
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\ltbmlkw[1].htm
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\rmhtf[1].txt
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\jezxjvuwr[1].htm
0
Réponse 18 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
18 mai 2006 à 14:41
Merci Aranjuez !

Je t'aurais bien dédicacé un solo de guitare sèche si j'avais su en jouer ! :)

Je ne pourrais pas avant ce soir car je bosse !

Quand j'aurais fait ça ce sera fini ou il faut que je renvoi un rapport hijackthis aprés ???
0
Réponse 19 / 28
aranjuez31 Messages postés 8052 Date d'inscription lundi 7 novembre 2005 Statut Contributeur Dernière intervention 9 juillet 2006 354
18 mai 2006 à 14:50
oui c est préférable
0
Réponse 20 / 28
donguyl Messages postés 35 Date d'inscription vendredi 28 octobre 2005 Statut Membre Dernière intervention 4 septembre 2010
18 mai 2006 à 20:20
Logfile of HijackThis v1.99.1
Scan saved at 20:20:31, on 18/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\inetsec.exe
C:\WINDOWS\system32\wnsec.exe
C:\WINDOWS\TEMP\adv.exe
C:\WINDOWS\TEMP\adv.exe
C:\WINDOWS\System32\wuauclt.exe
c:\nkmcjtlg.exe
c:\Program Files\ksjedvj.exe
c:\Program Files\ksjedvj.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SysTray] c:\Program Files\ksjedvj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [ed95706d.exe] C:\Documents and Settings\gilou\Local Settings\Application Data\ed95706d.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.145 84.103.237.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.145 84.103.237.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mmxeroxk - mmxeroxk.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\System32\kgejohci.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

Voici le dernier Hijack !

J'ai le message "Your computer is infected" ect...Et Ewido me trouve des hoax et malware...

:((
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Virus détecté
Koony -
MisteryBean -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
infecté par des virus
Lisy59120 -
Lisy59120 -

5 réponses