[Virus] Infecté par spy sheriff

donguyl Messages postés 36 Statut Membre -  
 bernie61 -
Bonjour à tous me revoilà dans le monde de la misère ! Voila j'ai acheté un nouveau pc ! j'installe ma connexion et je dl 2 ou 3 trucs et le fameux Spysheriff s'immisce sournoisement. Je crois que j'ai un Backoor - haxdoor un truc comme ça que je n'ai pas vraiment pu identifier !

Vous aviez été ultra performant la dernière fois ! Merci de bien vouloir m'aider a nouveau !
Configuration: Pentium 4 3.2
1go de ram
cm P5RD1-VM
Xp pro

28 réponses

  • 1
  • 2
  1. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    hello

    Spyaxe, Spysheriff, Antivirus Gold, détournement de bureau (desktop hijack) ?
    Télécharger ceci (merci a S!RI pour ce petit programme) :
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    L'exécuter, puis double-cliquer sur Smitfraudfix.cmd
    Choisir l’option 1, il va générer un rapport
    Copier-coller ce dernier dans un message sur le forum.
    En image :
    http://siri.urz.free.fr/Fix/SmitfraudFix.php
    ----------------------------------------------------------------------------
    Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du PC sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    Relance le programme Smitfraud,
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, redémarre en mode normal, copie-colle le rapport sauvegardé sur le forum.
    =============
    puis
    7/ - Hijackthis - Outil de diagnostic et réparation
    lire démo
    http://pageperso.aol.fr/balltrap34/Hijenr.gif
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    Télécharge version française ici
    http://telechargement.zebulon.fr/160-patch-francais-pour-hijackthis-1991.html
    Au boulot – Bon courage

    0
  2. donguyl Messages postés 36 Statut Membre
     
    SmitFraudFix v2.44

    Rapport fait à 15:38:28,85, 17/05/2006
    Executé à partir de C:\Documents and Settings\gilou\Mes documents\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    C:\secure32.html PRESENT !
    C:\uniq PRESENT !
    C:\winstall.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\gilou\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\gilou\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\secure32.html PRESENT !
    C:\Program Files\SpySheriff\ PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  3. donguyl Messages postés 36 Statut Membre
     
    SmitFraudFix v2.44

    Rapport fait à 15:43:21,48, 17/05/2006
    Executé à partir de C:\Documents and Settings\gilou\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\secure32.html supprimé
    C:\uniq supprimé
    C:\winstall.exe supprimé
    C:\Program Files\secure32.html supprimé
    C:\Program Files\SpySheriff\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    et celui de hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:44:43, on 17/05/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00006.exe"
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] C:\WINDOWS\winsock\csrss.exe
    O4 - HKLM\..\Run: [ed95706d.exe] C:\WINDOWS\System32\ed95706d.exe
    O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
    O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
    O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    0
  4. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    re
    ya encore des merdes d un autre genre
    ========
    Installer L2mfix là (nettoie ligne O20 de Hijackthis)

    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe
    http://users.skynet.be/BernieClub/tools.html

    A/ Phase1
    1. extraire le fichier sur le bureau
    2. désactiver l'antivirus (car process est détecté faussement comme virus malware par certains antivirus)
    3. lancer l2mfix.bat et sélectionner l'option #1 et faire Enter pour faire apparaître le log (cela prend qqs minutes)
    4. Copie le log et colle sur un FORUM approprié pour une aide (par ex CMC sécurité/virus)

    B/ Phase 2
    5. Ferme toutes tes fenêtres windows
    6. Relances l2mfix.bat et sélectionne l'option #2
    7. l'ordi va redémarrer automatiquement sinon le faire manuellement
    8. Recopie le log et colle-le à nouveau sur un FORUM approprié pour une aide
    9. Lances un Hijackthis http://www.merijn.org/files/hijackthis.zip ou là http://users.skynet.be/BernieClub/tools.html
    tu le lances " Do a system scan and save log " et tu copie/colle le rapport sur un FORUM approprié pour une aide (avec cliq droit de la souris).

    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. donguyl Messages postés 36 Statut Membre
     
    L2MFIX find log 051206
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    "DLLName"="Ati2evxx.dll"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000001
    "Lock"="AtiLockEvent"
    "Logoff"="AtiLogoffEvent"
    "Logon"="AtiLogonEvent"
    "Disconnect"="AtiDisConnectEvent"
    "Reconnect"="AtiReConnectEvent"
    "Safe"=dword:00000000
    "Shutdown"="AtiShutdownEvent"
    "StartScreenSaver"="AtiStartScreenSaverEvent"
    "StartShell"="AtiStartShellEvent"
    "Startup"="AtiStartupEvent"
    "StopScreenSaver"="AtiStopScreenSaverEvent"
    "Unlock"="AtiUnLockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xptptt]
    "secureUID"="[148769881904254464]"
    "DllName"=hex(2):78,00,70,00,74,00,70,00,74,00,74,00,2e,00,64,00,6c,00,6c,00,\
    00,00
    "Startup"="MmPageScan"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    "MaxWait"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extension de l'interpr‚teur de commande pour Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    **********************************************************************************
    Files Found are not all bad files:

    No matches found.
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 50A0-2F7C

    R‚pertoire de C:\WINDOWS\System32

    16/05/2006 22:53 <REP> dllcache
    16/05/2006 22:02 174ÿ592 inetsec.exe
    16/05/2006 22:00 <REP> Microsoft
    16/05/2006 21:46 174ÿ592 wnsec.exe
    2 fichier(s) 349ÿ184 octets
    2 R‚p(s) 128ÿ982ÿ511ÿ616 octets libres
    0
  7. donguyl Messages postés 36 Statut Membre
     
    L2mfix 051206
    Creating Account.
    La commande s'est termin‚e correctement.

    Adding Administrative privleges.
    Checking for L2MFix account(0=no 1=yes):
    1
    Granting SeDebugPrivilege to L2MFIX ... successful

    Running From:
    C:\WINDOWS\system32

    Killing Processes!
    Killing 'smss.exe'
    \SystemRoot\System32\smss.exe (804)
    Killing 'winlogon.exe'
    winlogon.exe (876)
    Killing 'explorer.exe'
    explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00011.exe" (1844)
    Killing 'rundll32.exe'
    Restoring Sedebugprivilege:
    Granting SeDebugPrivilege to Administrateurs ... successful

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!

    Restoring Windows Update Certificates.:

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    "DLLName"="Ati2evxx.dll"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000001
    "Lock"="AtiLockEvent"
    "Logoff"="AtiLogoffEvent"
    "Logon"="AtiLogonEvent"
    "Disconnect"="AtiDisConnectEvent"
    "Reconnect"="AtiReConnectEvent"
    "Safe"=dword:00000000
    "Shutdown"="AtiShutdownEvent"
    "StartScreenSaver"="AtiStartScreenSaverEvent"
    "StartShell"="AtiStartShellEvent"
    "Startup"="AtiStartupEvent"
    "StopScreenSaver"="AtiStopScreenSaverEvent"
    "Unlock"="AtiUnLockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xptptt]
    "secureUID"="[148769881904254464]"
    "DllName"=hex(2):78,00,70,00,74,00,70,00,74,00,74,00,2e,00,64,00,6c,00,6c,00,\
    00,00
    "Startup"="MmPageScan"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    "MaxWait"=dword:00000001

    The following are the files found:
    ****************************************************************************

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************

    ****************************************************************************
    Checking for L2MFix account(0=no 1=yes):
    0
    Zipping up files for submission:
    zip warning: name not matched: dlls\*.*

    zip error: Nothing to do! (backup.zip)
    adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
    adding: backregs/shell.reg (164 bytes security) (deflated 73%)
    0
  8. donguyl Messages postés 36 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 16:31:38, on 17/05/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\0mcamcap.exe
    C:\Program Files\mkwi.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\gilou\Local Settings\Application Data\ed95706d.exe
    C:\WINDOWS\system32\inetsec.exe
    C:\WINDOWS\system32\wnsec.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    c:\qvmd.exe
    c:\Program Files\mkwi.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\Program Files\mkwi.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\Program Files\mkwi.exe
    c:\Program Files\mkwi.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00016.exe"
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] C:\WINDOWS\winsock\csrss.exe
    O4 - HKLM\..\Run: [ed95706d.exe] C:\WINDOWS\System32\ed95706d.exe
    O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
    O4 - HKLM\..\Run: [SysTray] c:\Program Files\mkwi.exe
    O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ed95706d.exe] C:\Documents and Settings\gilou\Local Settings\Application Data\ed95706d.exe
    O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O17 - HKLM\System\CCS\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.146 86.64.145.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
    O17 - HKLM\System\CS1\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.146 86.64.145.146
    O17 - HKLM\System\CS2\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.143 86.64.145.143
    O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    0
  9. donguyl Messages postés 36 Statut Membre
     
    Je vois que le travail me concernant est colossal ! :)
    0
  10. donguyl Messages postés 36 Statut Membre
     
    bon j'ai installé spysweeper ! Il a bien nettoyé mais j'ai encore spysheriff et un trojan backdoor
    0
  11. donguyl Messages postés 36 Statut Membre
     
    Voila mon dernier Kijack ! Please HOO grand shaman ! 2coute mes prière ! LOL

    Bon ben si quelqu'un peut m'aider je promet de bruler plusieurs cièrge a la grande prophetesse Candy the great ! :)

    Logfile of HijackThis v1.99.1
    Scan saved at 18:55:02, on 17/05/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\system32\inetsec.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wnsec.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\TEMP\adv.exe
    c:\egmk.exe
    C:\WINDOWS\TEMP\adv.exe
    c:\egmk.exe
    c:\qvmd.exe
    c:\qvmd.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00035.exe"
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] C:\WINDOWS\winsock\csrss.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O17 - HKLM\System\CCS\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.144 86.64.145.144
    O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
    O17 - HKLM\System\CS1\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.144 86.64.145.144
    O17 - HKLM\System\CS2\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 84.103.237.146 86.64.145.146
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    0
    1. Utilisateur anonyme
       
      Salut,

      Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X, pour le faire fonctionner,
      une fois qu'il a terminé colle le rapport ici stp avec un nouveau rapport hijackthis

      https://www.bitdefender.com/toolbox/
      0
  12. donguyl Messages postés 36 Statut Membre
     
    Salut et Merci de bien vouloir m'aider !

    Le scan bitdefender:

    Scanned File

    Status

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\kbaih[1].txt

    Infected with: GenPack:Trojan.Startpage.LM

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\kbaih[1].txt

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\kbaih[1].txt

    Deleted

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[1].htm

    Infected with: Trojan.SpySheriff.C

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[1].htm

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[1].htm

    Deleted

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[2].htm

    Infected with: Trojan.SpySheriff.C

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[2].htm

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\ltbmlkw[2].htm

    Deleted

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\rphaj[1].txt

    Suspected of: BehavesLike:Trojan.ShellStartup

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\rphaj[1].txt

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\rphaj[1].txt

    Deleted

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\ltbmlkw[1].htm

    Infected with: Trojan.SpySheriff.C

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\ltbmlkw[1].htm

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\ltbmlkw[1].htm

    Deleted

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\kbaih[1].txt

    Infected with: GenPack:Trojan.Startpage.LM

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\kbaih[1].txt

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\kbaih[1].txt

    Deleted

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[1].exe

    Suspected of: BehavesLike:Trojan.Downloader

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[1].exe

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[1].exe

    Deleted

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[2].exe

    Suspected of: BehavesLike:Trojan.Downloader

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[2].exe

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\loadadv496[2].exe

    Deleted

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\kbaih[1].txt

    Infected with: GenPack:Trojan.Startpage.LM

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\kbaih[1].txt

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\kbaih[1].txt

    Deleted

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\lctfamlw[1].txt

    Infected with: Win32.Worm.Mytob.FR

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\lctfamlw[1].txt

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\lctfamlw[1].txt

    Deleted

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\ltbmlkw[1].htm

    Infected with: Trojan.SpySheriff.C

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\ltbmlkw[1].htm

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\ltbmlkw[1].htm

    Deleted

    C:\egmk.exe

    Suspected of: BehavesLike:Trojan.ShellStartup

    C:\egmk.exe

    Disinfection failed

    C:\egmk.exe

    Delete failed

    C:\Program Files\ibyxmjll.exe

    Infected with: GenPack:Trojan.Startpage.LM

    C:\Program Files\ibyxmjll.exe

    Disinfection failed

    C:\Program Files\ibyxmjll.exe

    Deleted

    C:\Program Files\mkwi.exe

    Infected with: GenPack:Trojan.Startpage.LM

    C:\Program Files\mkwi.exe

    Disinfection failed

    C:\Program Files\mkwi.exe

    Delete failed

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E965070.exe

    Infected with: Win32.Sality.E

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E965070.exe

    Disinfection failed

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E965070.exe

    Deleted

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42E05C8A.exe

    Infected with: Win32.Sality.E

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42E05C8A.exe

    Disinfection failed

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42E05C8A.exe

    Deleted

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55374C2C.exe

    Infected with: Win32.Sality.E

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55374C2C.exe

    Disinfection failed

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55374C2C.exe

    Deleted

    C:\Program Files\secure32.html

    Infected with: Trojan.SpySheriff.C

    C:\Program Files\secure32.html

    Disinfection failed

    C:\Program Files\secure32.html

    Deleted

    C:\read1write.exe

    Suspected of: BehavesLike:Trojan.Downloader

    C:\read1write.exe

    Disinfection failed

    C:\read1write.exe

    Deleted

    C:\secure32.html

    Infected with: Trojan.SpySheriff.C

    C:\secure32.html

    Disinfection failed

    C:\secure32.html

    Deleted

    C:\WINDOWS\system32\bios.rom

    Infected with: Backdoor.BotGet.FtpB.Gen

    C:\WINDOWS\system32\bios.rom

    Deleted

    C:\WINDOWS\system32\i

    Infected with: Backdoor.BotGet.FtpB.Gen

    C:\WINDOWS\system32\i

    Deleted

    C:\WINDOWS\system32\inetsec.exe

    Infected with: GenPack:Backdoor.SDBot.F3D4DA9D

    C:\WINDOWS\system32\inetsec.exe

    Disinfection failed

    C:\WINDOWS\system32\inetsec.exe

    Delete failed

    C:\WINDOWS\system32\net.ini

    Infected with: Backdoor.BotGet.FtpB.Gen

    C:\WINDOWS\system32\net.ini

    Deleted

    C:\WINDOWS\system32\noise.eng

    Clean

    C:\WINDOWS\system32\noise.enu

    Clean

    C:\WINDOWS\system32\noise.esn

    Clean

    C:\WINDOWS\system32\noise.fra

    Clean

    C:\WINDOWS\system32\noise.ita

    Clean

    C:\WINDOWS\system32\noise.nld

    Clean

    C:\WINDOWS\system32\noise.sve

    Clean

    C:\WINDOWS\system32\noise.tha

    Clean

    C:\WINDOWS\system32\notepad.exe

    Clean

    C:\WINDOWS\system32\npp\ndisnpp.dll

    Clean

    C:\WINDOWS\system32\npp\nppagent.exe

    Clean

    C:\WINDOWS\system32\npptools.dll

    Clean

    C:\WINDOWS\system32\nscompat.tlb

    Clean

    C:\WINDOWS\system32\nslookup.exe

    Clean

    C:\WINDOWS\system32\ntbackup.exe

    Clean

    C:\WINDOWS\system32\ntdll.dll

    Clean

    C:\WINDOWS\system32\ntdos.sys

    Clean

    C:\WINDOWS\system32\ntdos404.sys

    Clean

    C:\WINDOWS\system32\ntdos411.sys

    Clean

    C:\WINDOWS\system32\ntdos412.sys

    Clean

    C:\WINDOWS\system32\ntdos804.sys

    Clean

    C:\WINDOWS\system32\ntdsapi.dll

    Clean

    C:\WINDOWS\system32\ntdsbcli.dll

    Clean

    C:\WINDOWS\system32\ntimage.gif

    Clean

    C:\WINDOWS\system32\ntio.sys

    Clean

    C:\WINDOWS\system32\ntio404.sys

    Clean

    C:\WINDOWS\system32\ntio411.sys

    Clean

    C:\WINDOWS\system32\ntio412.sys

    Clean

    C:\WINDOWS\system32\ntio804.sys

    Clean

    C:\WINDOWS\system32\ntkrnlpa.exe

    Clean

    C:\WINDOWS\system32\ntlanman.dll

    Clean

    C:\WINDOWS\system32\ntlanui.dll

    Clean

    C:\WINDOWS\system32\ntlanui2.dll

    Clean

    C:\WINDOWS\system32\ntlsapi.dll

    Clean

    C:\WINDOWS\system32\ntmarta.dll

    Clean

    C:\WINDOWS\system32\ntmsapi.dll

    Clean

    C:\WINDOWS\system32\ntmsdba.dll

    Clean

    C:\WINDOWS\system32\ntmsevt.dll

    Clean

    C:\WINDOWS\system32\ntmsmgr.dll

    Clean

    C:\WINDOWS\system32\ntmsmgr.msc

    Clean

    C:\WINDOWS\system32\ntmsoprq.msc

    Clean

    C:\WINDOWS\system32\ntmssvc.dll

    Clean

    C:\WINDOWS\system32\ntoskrnl.exe

    Clean

    C:\WINDOWS\system32\ntprint.dll

    Clean

    C:\WINDOWS\system32\ntsd.exe

    Clean

    C:\WINDOWS\system32\ntsdexts.dll

    Clean

    C:\WINDOWS\system32\ntshrui.dll

    Clean

    C:\WINDOWS\system32\ntvdm.exe

    Clean

    C:\WINDOWS\system32\ntvdmd.dll

    Clean

    C:\WINDOWS\system32\nusrmgr.cpl

    Clean

    C:\WINDOWS\system32\nw16.exe

    Clean

    C:\WINDOWS\system32\nwapi16.dll

    Clean

    C:\WINDOWS\system32\nwapi32.dll

    Clean

    C:\WINDOWS\system32\nwc.cpl

    Clean

    C:\WINDOWS\system32\nwc.cpl.manifest

    Clean

    C:\WINDOWS\system32\nwcfg.dll

    Clean

    C:\WINDOWS\system32\nwevent.dll

    Clean

    C:\WINDOWS\system32\nwprovau.dll

    Clean

    C:\WINDOWS\system32\nwscript.exe

    Clean

    C:\WINDOWS\system32\nwwks.dll

    Clean

    C:\WINDOWS\system32\oakley.dll

    Clean

    C:\WINDOWS\system32\objsel.dll

    Clean

    C:\WINDOWS\system32\occache.dll

    Clean

    C:\WINDOWS\system32\ocmanage.dll

    Clean

    C:\WINDOWS\system32\odbc16gt.dll

    Clean

    C:\WINDOWS\system32\odbc32.dll

    Clean

    C:\WINDOWS\system32\odbc32gt.dll

    Clean

    C:\WINDOWS\system32\odbcad32.exe

    Clean

    C:\WINDOWS\system32\odbcbcp.dll

    Clean

    C:\WINDOWS\system32\odbcconf.dll

    Clean

    C:\WINDOWS\system32\odbcconf.exe

    Clean

    C:\WINDOWS\system32\odbcconf.rsp

    Clean

    C:\WINDOWS\system32\odbccp32.cpl

    Clean

    C:\WINDOWS\system32\odbccp32.dll

    Clean

    C:\WINDOWS\system32\odbccr32.dll

    Clean

    C:\WINDOWS\system32\odbccu32.dll

    Clean

    C:\WINDOWS\system32\odbcint.dll

    Clean

    C:\WINDOWS\system32\odbcji32.dll

    Clean

    C:\WINDOWS\system32\odbcjt32.dll

    Clean

    C:\WINDOWS\system32\odbcp32r.dll

    Clean

    C:\WINDOWS\system32\odbctrac.dll

    Clean

    C:\WINDOWS\system32\oddbse32.dll

    Clean

    C:\WINDOWS\system32\odexl32.dll

    Clean

    C:\WINDOWS\system32\odfox32.dll

    Clean

    C:\WINDOWS\system32\odpdx32.dll

    Clean

    C:\WINDOWS\system32\odtext32.dll

    Clean

    C:\WINDOWS\system32\oembios.bin

    Clean

    C:\WINDOWS\system32\oembios.dat

    Clean

    C:\WINDOWS\system32\oembios.sig

    Clean

    C:\WINDOWS\system32\Oemdspif.dll

    Clean

    C:\WINDOWS\system32\offfilt.dll

    Clean

    C:\WINDOWS\system32\ole2.dll

    Clean

    C:\WINDOWS\system32\ole2disp.dll

    Clean

    C:\WINDOWS\system32\ole2nls.dll

    Clean

    C:\WINDOWS\system32\ole32.dll

    Clean

    C:\WINDOWS\system32\oleacc.dll

    Clean

    C:\WINDOWS\system32\oleaccrc.dll

    Clean

    C:\WINDOWS\system32\oleaut32.dll

    Clean

    C:\WINDOWS\system32\olecli.dll

    Clean

    C:\WINDOWS\system32\olecli32.dll

    Clean

    C:\WINDOWS\system32\olecnv32.dll

    Clean

    C:\WINDOWS\system32\oledlg.dll

    Clean

    C:\WINDOWS\system32\oleprn.dll

    Clean

    C:\WINDOWS\system32\olepro32.dll

    Clean

    C:\WINDOWS\system32\olesvr.dll

    Clean

    C:\WINDOWS\system32\olesvr32.dll

    Clean

    C:\WINDOWS\system32\olethk32.dll

    Clean

    C:\WINDOWS\system32\oobe\actsetup\actconn.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\actdone.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\activ.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\activerr.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\activsvc.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\actlan.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\adeskerr.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\adrdyreg.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\apolicy.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\aprvcyms.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\areg1.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\aregdial.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\aregdone.htm

    Clean

    C:\WINDOWS\system32\oobe\actsetup\aregsty2.css

    Clean

    C:\WINDOWS\system32\oobe\actsetup\aregstyl.css

    Clean

    C:\WINDOWS\system32\oobe\actsetup\ausrinfo.htm

    Clean

    C:\WINDOWS\system32\oobe\actshell.htm

    Clean

    C:\WINDOWS\system32\oobe\agtcore.js

    Clean

    C:\WINDOWS\system32\oobe\agtscrpt.js

    Clean

    C:\WINDOWS\system32\oobe\dialmgr.js

    Clean

    C:\WINDOWS\system32\oobe\dslmain.js

    Clean

    C:\WINDOWS\system32\oobe\dtsgnup.htm

    Clean

    C:\WINDOWS\system32\oobe\error\cnncterr.htm

    Clean

    C:\WINDOWS\system32\oobe\error\dialtone.htm

    Clean

    C:\WINDOWS\system32\oobe\error\hndshake.htm

    Clean

    C:\WINDOWS\system32\oobe\error\isp2busy.htm

    Clean

    C:\WINDOWS\system32\oobe\error\noanswer.htm

    Clean

    C:\WINDOWS\system32\oobe\error\pberr.htm

    Clean

    C:\WINDOWS\system32\oobe\error\pulse.htm

    Clean

    C:\WINDOWS\system32\oobe\error\toobusy.htm

    Clean

    C:\WINDOWS\system32\oobe\error.js

    Clean

    C:\WINDOWS\system32\oobe\html\dslmain\dslmain.htm

    Clean

    C:\WINDOWS\system32\oobe\html\dslmain\dsl_a.htm

    Clean

    C:\WINDOWS\system32\oobe\html\dslmain\dsl_b.htm

    Clean

    C:\WINDOWS\system32\oobe\html\iconnect\icntlast.htm

    Clean

    C:\WINDOWS\system32\oobe\html\iconnect\iconnect.htm

    Clean

    C:\WINDOWS\system32\oobe\html\isptype\isptype.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\bulzano.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\bulzanom.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but1_dwn.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but1_idl.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but1_up.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but2_dwn.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but2_idl.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but2_up.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but3_dwn.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but3_idl.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but3_up.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but4_dwn.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but4_idl.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\but4_up.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\clicking.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\desktop3.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\heidelb.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\heidelbm.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\mouse4.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\mouseimg.gif

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\paris.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\parism.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\pisa.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\pisam.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\prague.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\praguem.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\tyrol.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\tyrolm.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\venice.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\venicem.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\verona.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\images\veronam.jpg

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse_a.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse_b.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse_c.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse_d.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse_e.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse_f.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse_g.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse_h.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse_i.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse_j.htm

    Clean

    C:\WINDOWS\system32\oobe\html\mouse\mouse_k.htm

    Clean

    C:\WINDOWS\system32\oobe\html\sconnect\scntlast.htm

    Clean

    C:\WINDOWS\system32\oobe\html\sconnect\sconnect.htm

    Clean

    C:\WINDOWS\system32\oobe\iconnect.js

    Clean

    C:\WINDOWS\system32\oobe\icserror\icsdc.htm

    Clean

    C:\WINDOWS\system32\oobe\icsmgr.js

    Clean

    C:\WINDOWS\system32\oobe\images\arrow.gif

    Clean

    C:\WINDOWS\system32\oobe\images\backdown.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\backoff.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\backover.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\backup.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\btn1.gif

    Clean

    C:\WINDOWS\system32\oobe\images\btn2.gif

    Clean

    C:\WINDOWS\system32\oobe\images\btn3.gif

    Clean

    C:\WINDOWS\system32\oobe\images\bullet1.gif

    Clean

    C:\WINDOWS\system32\oobe\images\clickerx.wav

    Clean

    C:\WINDOWS\system32\oobe\images\clickhr.gif

    Clean

    C:\WINDOWS\system32\oobe\images\dialtone.gif

    Clean

    C:\WINDOWS\system32\oobe\images\dialup.gif

    Clean

    C:\WINDOWS\system32\oobe\images\grn_btn.gif

    Clean

    C:\WINDOWS\system32\oobe\images\hand1.gif

    Clean

    C:\WINDOWS\system32\oobe\images\hand2.gif

    Clean

    C:\WINDOWS\system32\oobe\images\intro.wmv

    Clean

    C:\WINDOWS\system32\oobe\images\magnify.gif

    Clean

    C:\WINDOWS\system32\oobe\images\merlin.gif

    Clean

    C:\WINDOWS\system32\oobe\images\monitor.gif

    Clean

    C:\WINDOWS\system32\oobe\images\monitor2.gif

    Clean

    C:\WINDOWS\system32\oobe\images\mouse.gif

    Clean

    C:\WINDOWS\system32\oobe\images\mousewn1.gif

    Clean

    C:\WINDOWS\system32\oobe\images\mslogo.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\newbtm1.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\newbtm8.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\newmark1.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\newmark8.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\newtop1.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\newtop8.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\nextdown.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\nextoff.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\nextover.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\nextup.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\oemcoa.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\oemlogo.gif

    Clean

    C:\WINDOWS\system32\oobe\images\prodkey.gif

    Clean

    C:\WINDOWS\system32\oobe\images\progress.gif

    Clean

    C:\WINDOWS\system32\oobe\images\qmark.acs

    Clean

    C:\WINDOWS\system32\oobe\images\qmark.gif

    Clean

    C:\WINDOWS\system32\oobe\images\skipdown.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\skipoff.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\skipover.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\skipup.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\thanks10.png

    Clean

    C:\WINDOWS\system32\oobe\images\thanks8.png

    Clean

    C:\WINDOWS\system32\oobe\images\title.wma

    Clean

    C:\WINDOWS\system32\oobe\images\wpaback.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\wpabtm.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\wpaflag.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\wpakey.jpg

    Clean

    C:\WINDOWS\system32\oobe\images\wpatop.jpg

    Clean

    C:\WINDOWS\system32\oobe\isperror\ispcnerr.htm

    Clean

    C:\WINDOWS\system32\oobe\isperror\ispdtone.htm

    Clean

    C:\WINDOWS\system32\oobe\isperror\isphdshk.htm

    Clean

    C:\WINDOWS\system32\oobe\isperror\ispins.htm

    Clean

    C:\WINDOWS\system32\oobe\isperror\ispnoanw.htm

    Clean

    C:\WINDOWS\system32\oobe\isperror\isppberr.htm

    Clean

    C:\WINDOWS\system32\oobe\isperror\ispphbsy.htm

    Clean

    C:\WINDOWS\system32\oobe\isperror\ispsbusy.htm

    Clean

    C:\WINDOWS\system32\oobe\isptype.js

    Clean

    C:\WINDOWS\system32\oobe\migip.dun

    Clean

    C:\WINDOWS\system32\oobe\migrate.isp

    Clean

    C:\WINDOWS\system32\oobe\migrate.js

    Clean

    C:\WINDOWS\system32\oobe\migrate.obe

    Clean

    C:\WINDOWS\system32\oobe\migx25a.dun

    Clean

    C:\WINDOWS\system32\oobe\migx25b.dun

    Clean

    C:\WINDOWS\system32\oobe\migx25c.dun

    Clean

    C:\WINDOWS\system32\oobe\mousetut.js

    Clean

    C:\WINDOWS\system32\oobe\msobcomm.dll

    Clean

    C:\WINDOWS\system32\oobe\msobdl.dll

    Clean

    C:\WINDOWS\system32\oobe\msobe.isp

    Clean

    C:\WINDOWS\system32\oobe\msobmain.dll

    Clean

    C:\WINDOWS\system32\oobe\msobshel.dll

    Clean

    C:\WINDOWS\system32\oobe\msobshel.htm

    Clean

    C:\WINDOWS\system32\oobe\msobweb.dll

    Clean

    C:\WINDOWS\system32\oobe\msoobe.exe

    Clean

    C:\WINDOWS\system32\oobe\obeip.dun

    Clean

    C:\WINDOWS\system32\oobe\oobebaln.exe

    Clean

    C:\WINDOWS\system32\oobe\oobeinfo.ini

    Clean

    C:\WINDOWS\system32\oobe\oobeutil.js

    Clean

    C:\WINDOWS\system32\oobe\phone.inf

    Clean

    C:\WINDOWS\system32\oobe\phone.obe

    Clean

    C:\WINDOWS\system32\oobe\reg.isp

    Clean

    C:\WINDOWS\system32\oobe\regerror\rcnterr.htm

    Clean

    C:\WINDOWS\system32\oobe\regerror\rdtone.htm

    Clean

    C:\WINDOWS\system32\oobe\regerror\rhndshk.htm

    Clean

    C:\WINDOWS\system32\oobe\regerror\rnoansw.htm

    Clean

    C:\WINDOWS\system32\oobe\regerror\rnomdm.htm

    Clean

    C:\WINDOWS\system32\oobe\regerror\rpberr.htm

    Clean

    C:\WINDOWS\system32\oobe\regerror\rpulse.htm

    Clean

    C:\WINDOWS\system32\oobe\regerror\rtoobusy.htm

    Clean

    C:\WINDOWS\system32\oobe\sconnect.js

    Clean

    C:\WINDOWS\system32\oobe\setup\acterror.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\activate.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\act_plcy.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\badeula.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\badpkey.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\compname.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\dialup.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\drdyisp.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\drdymig.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\drdyoem.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\drdyref.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\dtiwait.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\fini.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\hnwprmpt.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\iconn.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\ics.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\ident1.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\ident2.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\isp.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\ispwait.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\jndomain.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\jndom_a.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\keybd.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\keybdcmt.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\migdial.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\miglist.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\migpage.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\neweula.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\neweula2.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\oempriv.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\oobestyl.css

    Clean

    C:\WINDOWS\system32\oobe\setup\prodkey.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\prvcyms.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\refdial.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\reg1.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\reg3.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\regdial.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\security.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\timezone.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\username.htm

    Clean

    C:\WINDOWS\system32\oobe\setup\welcome.htm

    Clean

    C:\WINDOWS\system32\openfiles.exe

    Clean

    C:\WINDOWS\system32\opengl32.dll

    Clean

    C:\WINDOWS\system32\osk.exe

    Clean

    C:\WINDOWS\system32\osuninst.dll

    Clean

    C:\WINDOWS\system32\osuninst.exe

    Clean

    C:\WINDOWS\system32\packager.exe

    Clean

    C:\WINDOWS\system32\pagefileconfig.vbs

    Clean

    C:\WINDOWS\system32\panmap.dll

    Clean

    C:\WINDOWS\system32\paqsp.dll

    Clean

    C:\WINDOWS\system32\pathping.exe

    Clean

    C:\WINDOWS\system32\pautoenr.dll

    Clean

    C:\WINDOWS\system32\pcl.sep

    Clean

    C:\WINDOWS\system32\pdh.dll

    Clean

    C:\WINDOWS\system32\pentnt.exe

    Clean

    C:\WINDOWS\system32\perfc009.dat

    Clean

    C:\WINDOWS\system32\perfc00C.dat

    Clean

    C:\WINDOWS\system32\perfci.h

    Clean

    C:\WINDOWS\system32\perfci.ini

    Clean

    C:\WINDOWS\system32\perfctrs.dll

    Clean

    C:\WINDOWS\system32\perfd009.dat

    Clean

    C:\WINDOWS\system32\perfd00C.dat

    Clean

    C:\WINDOWS\system32\vbnet.ini

    Infected with: Backdoor.BotGet.FtpB.Gen

    C:\WINDOWS\system32\vbnet.ini

    Deleted

    C:\WINDOWS\system32\wnsec.exe

    Infected with: GenPack:Backdoor.SDBot.4E890FF4

    C:\WINDOWS\system32\wnsec.exe

    Disinfection failed

    C:\WINDOWS\system32\wnsec.exe

    Delete failed

    C:\WINDOWS\Temp\adv.exe

    Suspected of: BehavesLike:Trojan.Downloader

    C:\WINDOWS\Temp\adv.exe

    Disinfection failed

    C:\WINDOWS\Temp\adv.exe

    Deleted

    C:\xxxjya.exe

    Infected with: Win32.Worm.Mytob.FR

    C:\xxxjya.exe

    Disinfection failed

    C:\xxxjya.exe

    Deleted

    Et celui de Hijack:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:55:45, on 17/05/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\system32\inetsec.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wnsec.exe
    c:\qvmd.exe
    c:\egmk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\Program Files\mkwi.exe
    c:\Program Files\mkwi.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00038.exe"
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] C:\WINDOWS\winsock\csrss.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O17 - HKLM\System\CCS\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.140 84.103.237.140
    O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
    O17 - HKLM\System\CS1\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.140 84.103.237.140
    O17 - HKLM\System\CS2\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.144 84.103.237.144
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    Merci d'avance !!!
    0
    1. Utilisateur anonyme
       
      Fait ce nettoyage (à faire réguliérement)

      ¤Telecharges et installes ceci, dans la colonne de gauche cliques sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs

      CCleaner:
      Ccleaner

      ¤Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis cliques sur "lancer le nettoyage"


      Clique sur demarrer, rechercher, cherche et supprime ces fichiers:

      wnsec.exe
      qvmd.exe
      egmk.exe
      csrss.exe <pas celui qu ise trouve dans /system32/
      ibm00038.exe
      inetsec.exe

      si un fichier persiste lors de la suppression fais ceci:
      -Redemarres ton pc, dès l'allumage de celui ci tapotes la touche f8, à l'ecran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers, vides ta corbeille et redemarres normalement


      Puis remets un rapport hijackthis, pense à redemarrer ton Pc avant de remettre un rapport hijackthis
      0
  13. donguyl Messages postés 36 Statut Membre
     
    Voila le rapport et encore merci !

    Je n'ai pas trouvé le fichier ibm00038.exe sinon j'ai tout viré !

    Logfile of HijackThis v1.99.1
    Scan saved at 20:40:40, on 17/05/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\system32\inetsec.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wnsec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\egmk.exe
    c:\egmk.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\qvmd.exe
    c:\Program Files\mkwi.exe
    c:\Program Files\mkwi.exe
    c:\jrhowp.exe
    C:\WINDOWS\System32\0mcamcap.exe
    C:\WINDOWS\System32\TheMatrixHasYou.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00040.exe"
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SysTray] c:\Program Files\mkwi.exe
    O4 - HKLM\..\Run: [ed95706d.exe] C:\WINDOWS\System32\ed95706d.exe
    O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
    O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O17 - HKLM\System\CCS\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.143 84.103.237.143
    O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
    O17 - HKLM\System\CS1\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.143 84.103.237.143
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    0
    1. Utilisateur anonyme
       
      c'est grade !!

      Telecharge, installe puis mets à jour ce logiciel, une fois que c'est fait, fais un scan complet de ton systeme et colle le rapport ici
      Ewido:
      Ewido Security Suite


      ensuite, redemarre ton Pc puis remets un nouveau rapport hijackthis
      0
    2. abadon Messages postés 1 Statut Membre
       
      VOICI LE RAPPORT SI QUELQU'UN VEUT BIEN M'AIDER


      SmitFraudFix v2.44

      Rapport fait à 20:41:48,71, 17/05/2006
      Executé à partir de C:\Documents and Settings\MARC ANDRE\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600]

      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MARC ANDRE\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARCAN~1\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
      1. Utilisateur anonyme > abadon Messages postés 1 Statut Membre
         
        Mais ça sur ton post stp pas ici MERCI!
        0
  14. donguyl Messages postés 36 Statut Membre
     
    Et voila maitre ! Ewido m'envoie pas mal d'alertes la :)

    Logfile of HijackThis v1.99.1
    Scan saved at 21:53:51, on 17/05/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\system32\inetsec.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wnsec.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: xptptt - xptptt.dll (file missing)
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\System32\kgejohci.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    0
    1. Utilisateur anonyme
       
      j'aurai bien voulu le rapport Ewio :-(
      0
  15. donguyl Messages postés 36 Statut Membre
     
    Désolé pour le retard !

    Voici le rapport ewido suivit de celui de hijack :

    ewido anti-malware - Rapport de scan
    ---------------------------------------------------------

    + Créé le: 09:37:29, 18/05/2006
    + Somme de contrôle: B253A405

    + Résultats du scan:

    :mozilla.8:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
    :mozilla.9:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
    :mozilla.10:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
    :mozilla.11:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
    :mozilla.12:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
    :mozilla.13:C:\Documents and Settings\gilou\Application Data\Mozilla\Firefox\Profiles\f7utyney.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ed95706d.exe -> Downloader.Small.csn : Nettoyer et sauvegarder
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\hsamlkiu[1].txt -> Proxy.Small.bo : Nettoyer et sauvegarder
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\lgkjvgc[1].txt -> Downloader.Small.csn : Nettoyer et sauvegarder
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\upxwut[1].txt -> Hijacker.Small.kr : Nettoyer et sauvegarder
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\lkfecbamt[1].txt -> Not-A-Virus.Hoax.Win32.Renos.dc : Nettoyer et sauvegarder
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\mhcbl[1].txt -> Trojan.Sinowal.m : Nettoyer et sauvegarder
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\rmhtf[1].txt -> Not-A-Virus.Hoax.Win32.Renos.bw : Nettoyer et sauvegarder
    C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Snap : Nettoyer et sauvegarder
    C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe -> Trojan.Snap : Nettoyer et sauvegarder
    C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Snap : Nettoyer et sauvegarder
    C:\Program Files\__delete_on_reboot__ksjedvj.exe -> Not-A-Virus.Hoax.Win32.Renos.dc : Nettoyer et sauvegarder
    C:\WINDOWS\system32\0mcamcap.exe -> Proxy.Small.bo : Nettoyer et sauvegarder
    C:\WINDOWS\system32\ed95706d.exe -> Downloader.Small.csn : Nettoyer et sauvegarder

    ::Fin du rapport

    --------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 09:43:21, on 18/05/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\system32\inetsec.exe
    C:\WINDOWS\system32\wnsec.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SysTray] c:\Program Files\ksjedvj.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: xptptt - xptptt.dll (file missing)
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\System32\kgejohci.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

    MErci d'avance !
    0
    1. Utilisateur anonyme
       
      Salut,

      1.Refais un nettoyage avec Ccleaner

      2.Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
      16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
      O20 - Winlogon Notify: xptptt - xptptt.dll (file missing)

      3.Clique sur demarrer, panneau de configuration, connexions et reseau internet, option internet, dans l'onglet "general" entre ce lien: https://www.google.fr/?gws_rd=ssl

      4.Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X, pour le faire fonctionner,
      une fois qu'il a terminé colle le rapport ici stp

      _Online Scanner
      _Kaspersky Online Scanner
      _My Computer

      https://www.kaspersky.fr/downloads

      0
  16. donguyl Messages postés 36 Statut Membre
     
    Merci Boulepate ! Je suis au boulot la, ce midi je rentre et je fais tout ça !

    Bonne journée !
    0
  17. donguyl Messages postés 36 Statut Membre
     
    Et voila ! Je suppose que je dois fix les problemes ???

    Merci.

    Scan Statistics
    Total number of scanned objects 21213
    Number of viruses found 18
    Number of infected objects 303
    Number of suspicious objects 0
    Duration of the scan process 00:06:58

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ed95706d.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\lkfecbamt[2].txt Infected: not-virus:Hoax.Win32.Renos.dc skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\mhcbl[1].txt Infected: Trojan-PSW.Win32.Sinowal.m skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\upxwut[1].txt Infected: Trojan-Clicker.Win32.Small.kr skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\cxwivnm[1].txt Infected: Trojan-Spy.Win32.Goldun.jz skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\hsamlkiu[2].txt Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\lgkjvgc[1].txt Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\ltbmlkw[1].htm Infected: Trojan.Win32.Harnig.a skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\rmhtf[1].txt Infected: not-virus:Hoax.Win32.Renos.cn skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\jezxjvuwr[1].htm Infected: Trojan.Win32.Harnig.a skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\015664BB.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\015D38B4.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\015D38B4.sys Infected: Backdoor.Win32.Haxdoor.im skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\018E2E7E.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01A87E61.exe Infected: Backdoor.Win32.SdBot.anx skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01B86FB8.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01BB7A4C.exe Infected: Backdoor.Win32.PoeBot.c skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0312461F.txt Infected: Trojan-Proxy.Win32.Wopla.r skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05770A4D.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0588688F.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\058C0419.sys Infected: Backdoor.Win32.Haxdoor.im skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05DD0054.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06626524.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06A96C63.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06D12ABA.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07A369CC.exe Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07A369CC.txt Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07CB61A1.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07CB61A1.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07EE2F79.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07EE2F79.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08127D52.exe Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0816274E.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0816274E.txt Infected: Trojan-Proxy.Win32.Wopla.r skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0826793C.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08292339.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\082C4D35.EXE Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0833212E.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\083A7527.EXE Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\083D1F23.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0843731C.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\084D7111.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0854450A.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\085D42FF.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08616CFC.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\086740F4.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\086B6AF1.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\086E14ED.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08713EEA.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\087468E6.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\087B3CDF.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\088110D8.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08853AD4.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\088B0ECD.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\089262C6.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\089836BE.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\089C60BB.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08A234B4.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08A908AC.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08AC32A9.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08AF5CA5.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08B6309E.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08B95A9A.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08BC0497.EXE Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08C35890.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08CC5685.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08D00081.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08D32A7E.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08D6547A.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08DD2873.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08E0526F.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08E37C6C.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08E72668.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08EA5065.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08ED7A61.EXE Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08F0245D.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08F44E5A.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08F77856.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08FA2253.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\08FD4C4F.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0901764B.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09042048.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090B7441.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090E1E3D.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09114839.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09147236.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09181C32.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\091B462F.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\091E702B.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09211A27.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09254424.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09286E20.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\092B181D.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\092E4219.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09326C16.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09351612.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\093C6A0B.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09423E04.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09456800.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\094911FC.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\094C3BF9.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\094F65F5.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\095639EE.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\095963EA.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\095C0DE7.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\095F37E3.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\096361E0.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09660BDC.EXE Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\096935D8.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\096D5FD5.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\097009D1.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\097333CE.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09765DCA.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\097A07C6.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\097D31C3.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09805BBF.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\098305BC.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09872FB8.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\098A59B4.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\098D03B1.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09902DAD.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\099457AA.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\099701A6.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\099A2BA3.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\099D559F.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09A42998.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09A75394.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09AB7D91.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09AE278D.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09B15189.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09B47B86.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09B82582.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09BB4F7F.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09BE797B.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09C12377.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09C54D74.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09C87770.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09CB216D.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09CE4B69.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09D27565.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09D51F62.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09D8495E.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09DF1D57.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09E24753.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09E91B4C.exe Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09E91B4C.tmp Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A6B2ABD.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A727EB5.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A7528B2.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A7F26A7.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A8250A3.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A8C4E99.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A8F7895.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AA61E7C.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AA94878.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AAD7275.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AAD7275.txt Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AC06E5F.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AC3185C.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AC74258.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0ACA6C54.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AF40E26.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B0B340C.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B501E44.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CF223F5.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CFF4BE7.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D823720.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DAF2725.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DC3230F.dll Infected: Trojan-Proxy.Win32.Wopla.s skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DC3230F.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DD61EF9.dll Infected: Backdoor.Win32.Haxdoor.im skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DF418D9.dll Infected: Virus.Win32.Sality.k skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DFA6CD2.dll Infected: Backdoor.Win32.Haxdoor.im skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DFE16CE.tmp Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0EE25693.tmp Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1107464B.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11090C04.exe Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\117E1A95.txt Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11A47ECB.dll Infected: Trojan-Proxy.Win32.Wopla.s skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\123A2862.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12707040.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12ED741F.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\13061471.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\136C0A78.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\13D20080.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14387688.EXE Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\149D2DA7.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\156B589E.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\175E2960.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1C98024A.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1DCA6460.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1FE2491A.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\202F288E.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\23820DDF.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27DF1B2E.exe Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27DF1B2E.txt Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27E56F27.exe Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27E56F27.txt Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27E91923.exe Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27E91923.txt Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27EF6D1C.exe Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27EF6D1C.txt Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F31718.exe Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F31718.txt Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F64115.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F64115.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F96B11.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F96B11.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27FC150E.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27FC150E.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28003F0A.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28003F0A.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28036906.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28036906.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28061303.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28061303.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28093CFF.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28093CFF.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28271B6C.tmp Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28907A09.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\289F1292.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\289F1292.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\295A205F.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29C01667.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A037F0F.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A270C6E.EXE Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2C3517EA.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2E6730C6.tmp Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2FAA0270.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\342F4E91.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\36E92A83.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3ADD7105.txt Infected: Trojan-PSW.Win32.Sinowal.m skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BD37700.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3D4A6820.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3DFC703A.tmp Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3EEC5863.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3FE40135.exe Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\40147F79.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\40152255.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\407D6CB6.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\419A68DE.dll Infected: Backdoor.Win32.Haxdoor.im skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41CB3F3A.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41CE6937.exe Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4213707B.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42AC1042.txt Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42AF3A3F.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42B3643B.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\43465291.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\44123EA0.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\44EE17C6.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\46C90AB3.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\46F874F5.TXT Infected: Trojan-PSW.Win32.Sinowal.m skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\48DA241F.exe Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4B50468E.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4DA42C79.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4E097FA4.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F4D2A6C.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\500870A6.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\536D5C1B.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\54802741.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\579C105A.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58020661.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\59346878.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\596E6061.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\59EE6C94.exe Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5A005487.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5B992CA5.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C3533EE.txt Infected: Backdoor.Win32.Haxdoor.il skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C7405E3.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C8701CE.exe Infected: Trojan-Clicker.Win32.Small.kr skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C8B2BCA.txt Infected: Trojan-Clicker.Win32.Small.kr skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\623E7B84.txt Infected: Trojan-PSW.Win32.Sinowal.m skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\62422580.exe Infected: Trojan-PSW.Win32.Sinowal.m skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\62422580.txt Infected: Trojan-PSW.Win32.Sinowal.m skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\632C4C58.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63924260.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\645F2B91.tmp Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\652B1A7E.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\655B66CA.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\66AA1C02.tmp Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\672968A4.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6DF01C48.tmp Infected: Net-Worm.Win32.Bobic.n skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6FEF6A6E.EXE Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\70BB567D.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71835B5A.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71ED3893.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\72BA24A2.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\779739C3.txt Infected: Trojan-Proxy.Win32.Wopla.r skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79DF3E3C.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79F82C90.txt Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7B193065.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7BE51C74.exe Infected: Virus.Win32.Sality.l skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7FB158BE.txt Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\Program Files\secure32.html Infected: Trojan.Win32.Harnig.a skipped

    C:\Program Files\__delete_on_reboot__ksjedvj.exe Infected: not-virus:Hoax.Win32.Renos.dc skipped

    C:\qmnvlvvh.exe Infected: Trojan-Spy.Win32.Goldun.jz skipped

    C:\secure32.html Infected: Trojan.Win32.Harnig.a skipped

    C:\WINDOWS\system32\drivers\etc\1.hosts Infected: Trojan.Win32.Qhost skipped

    C:\WINDOWS\system32\ed95706d.exe Infected: Trojan-Downloader.Win32.Small.csn skipped

    C:\WINDOWS\system32\TheMatrixHasYou.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\WINDOWS\system32\__delete_on_reboot__0mcamcap.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

    C:\WINDOWS\system32\__delete_on_reboot__mmxeroxk.dll Infected: Trojan-Spy.Win32.Goldun.jz skipped

    C:\winstall.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped

    Scan process completed.
    0
  18. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    hello
    1/ vide la quarantaine de Norton

    2/ pour ceci :
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ed95706d.exe <==suis chemin et détruis cette terminologie

    3/ pour ceux-là : vire fichiers temporaires

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\lkfecbamt[2].txt
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\mhcbl[1].txt
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IFVIYLNP\upxwut[1].txt
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\cxwivnm[1].txt
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NU3YW10E\hsamlkiu[2].txt
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\lgkjvgc[1].txt
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\ltbmlkw[1].htm
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6ZOZF8M\rmhtf[1].txt
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WA6JFDN0\jezxjvuwr[1].htm
    0
  19. donguyl Messages postés 36 Statut Membre
     
    Merci Aranjuez !

    Je t'aurais bien dédicacé un solo de guitare sèche si j'avais su en jouer ! :)

    Je ne pourrais pas avant ce soir car je bosse !

    Quand j'aurais fait ça ce sera fini ou il faut que je renvoi un rapport hijackthis aprés ???
    0
  20. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    oui c est préférable
    0
  21. donguyl Messages postés 36 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 20:20:31, on 18/05/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\system32\inetsec.exe
    C:\WINDOWS\system32\wnsec.exe
    C:\WINDOWS\TEMP\adv.exe
    C:\WINDOWS\TEMP\adv.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\nkmcjtlg.exe
    c:\Program Files\ksjedvj.exe
    c:\Program Files\ksjedvj.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ULiRaid5287] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SysTray] c:\Program Files\ksjedvj.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
    O4 - HKCU\..\Run: [ed95706d.exe] C:\Documents and Settings\gilou\Local Settings\Application Data\ed95706d.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.145 84.103.237.145
    O17 - HKLM\System\CCS\Services\Tcpip\..\{039AC7EB-12B4-40C0-8EB8-27F95CCB930D}: NameServer = 86.64.145.140,84.103.237.140
    O17 - HKLM\System\CS1\Services\Tcpip\..\{03386F13-C9D1-4C1D-A0B5-F4D573E3FFD9}: NameServer = 86.64.145.145 84.103.237.145
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: mmxeroxk - mmxeroxk.dll (file missing)
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\System32\kgejohci.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

    Voici le dernier Hijack !

    J'ai le message "Your computer is infected" ect...Et Ewido me trouve des hoax et malware...

    :((
    0
  • 1
  • 2