[Virus] infecté par vundo et autre douceurs
Résolu
richarx
Messages postés
8
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
suite à un oubli des regles de bases en matiere de securité (je n'ai pas manqué de reprendre la leçon grace à vous !), mon pc est infecté pas le trojan.vundo et certainement d'autres surprises. J'ai bien entendu fait un scan antivirus (norton) et passé toute la liste des spybot et consors. Le virus resites aussi aux outils de type fix.vundo.
Alors ayant lu pas mal de résolution de ce type de probleme ici, je me permet de vous demander un coup de main. Voici le rapport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 12:07:12, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ISHOST.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\{A4605C30-0A70-1036-0512-030403030021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Richarx\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26B61245-2471-3859-3126-04487DAC7F8A} - C:\WINDOWS\system32\ipnydgh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\byxyyvw.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [7v3j] C:\WINDOWS\system32\z1545.exe gdtgh
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eree] "C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe" -vt yazb
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O20 - Winlogon Notify: byxyyvw - C:\WINDOWS\SYSTEM32\byxyyvw.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Merci de votre attention et pour votre sollicitude.
suite à un oubli des regles de bases en matiere de securité (je n'ai pas manqué de reprendre la leçon grace à vous !), mon pc est infecté pas le trojan.vundo et certainement d'autres surprises. J'ai bien entendu fait un scan antivirus (norton) et passé toute la liste des spybot et consors. Le virus resites aussi aux outils de type fix.vundo.
Alors ayant lu pas mal de résolution de ce type de probleme ici, je me permet de vous demander un coup de main. Voici le rapport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 12:07:12, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ISHOST.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\{A4605C30-0A70-1036-0512-030403030021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Richarx\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26B61245-2471-3859-3126-04487DAC7F8A} - C:\WINDOWS\system32\ipnydgh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\byxyyvw.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [7v3j] C:\WINDOWS\system32\z1545.exe gdtgh
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eree] "C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe" -vt yazb
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O20 - Winlogon Notify: byxyyvw - C:\WINDOWS\SYSTEM32\byxyyvw.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Merci de votre attention et pour votre sollicitude.
A voir également:
- [Virus] infecté par vundo et autre douceurs
- Virus mcafee - Accueil - Piratage
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
- Ordinateur bloqué virus - Accueil - Arnaque
14 réponses
Salut
telecharge
http://www.atribune.org/ccount/click.php?id=4
double clic dessus choisis "start for vundo"
attends quelques minutes, quand le scan est terminé clic sur "remove vundo"
un message te demandera si tu veux supprimes les fichiers sur "yes"
Quand il a terminé, clic sur "yes" ton ordinateur devrait redemarrer sinon, fais le par toit même
Une fois qu'il a redemarré colle le rapport C:\vundofix.txt et un nouveau rapport hijackthis stp
telecharge
http://www.atribune.org/ccount/click.php?id=4
double clic dessus choisis "start for vundo"
attends quelques minutes, quand le scan est terminé clic sur "remove vundo"
un message te demandera si tu veux supprimes les fichiers sur "yes"
Quand il a terminé, clic sur "yes" ton ordinateur devrait redemarrer sinon, fais le par toit même
Une fois qu'il a redemarré colle le rapport C:\vundofix.txt et un nouveau rapport hijackthis stp
voici les resultats:
Scan started at 12:37:51 15/12/2006
Listing files found while scanning....
C:\WINDOWS\system32\winjyp32.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\winjyp32.dll
C:\WINDOWS\system32\winjyp32.dll Has been deleted!
Performing Repairs to the registry.
Done!
et le log hijack:
Logfile of HijackThis v1.99.1
Scan saved at 13:25:23, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ISHOST.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\{A4605C30-0A70-1036-0512-030403030021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Richarx\Bureau\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26B61245-2471-3859-3126-04487DAC7F8A} - C:\WINDOWS\system32\ipnydgh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\byxyyvw.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [7v3j] C:\WINDOWS\system32\z1545.exe gdtgh
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eree] "C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe" -vt yazb
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O20 - Winlogon Notify: byxyyvw - C:\WINDOWS\SYSTEM32\byxyyvw.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Merci pour t'on aide ;)
Scan started at 12:37:51 15/12/2006
Listing files found while scanning....
C:\WINDOWS\system32\winjyp32.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\winjyp32.dll
C:\WINDOWS\system32\winjyp32.dll Has been deleted!
Performing Repairs to the registry.
Done!
et le log hijack:
Logfile of HijackThis v1.99.1
Scan saved at 13:25:23, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ISHOST.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\{A4605C30-0A70-1036-0512-030403030021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Richarx\Bureau\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26B61245-2471-3859-3126-04487DAC7F8A} - C:\WINDOWS\system32\ipnydgh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\byxyyvw.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [7v3j] C:\WINDOWS\system32\z1545.exe gdtgh
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eree] "C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe" -vt yazb
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O20 - Winlogon Notify: byxyyvw - C:\WINDOWS\SYSTEM32\byxyyvw.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Merci pour t'on aide ;)
ok, merci
tu peux jeter VundoFix
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
tu peux jeter VundoFix
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
voici le rapport VBE:
[12/15/2006, 13:33:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Richarx\Bureau\VirtumundoBeGone.exe" )
[12/15/2006, 13:33:38] - Detected System Information:
[12/15/2006, 13:33:38] - Windows Version: 5.1.2600, Service Pack 2
[12/15/2006, 13:33:38] - Current Username: Richarx (Admin)
[12/15/2006, 13:33:38] - Windows is in NORMAL mode.
[12/15/2006, 13:33:38] - Searching for Browser Helper Objects:
[12/15/2006, 13:33:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/15/2006, 13:33:38] - BHO 2: {26B61245-2471-3859-3126-04487DAC7F8A} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\ipnydgh
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\ipnydgh, continuing.
[12/15/2006, 13:33:38] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/15/2006, 13:33:38] - BHO 4: {A08CC50F-22BD-593C-9F6B-7BE55F604299} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\vicc
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\vicc, continuing.
[12/15/2006, 13:33:38] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/15/2006, 13:33:38] - BHO 6: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[12/15/2006, 13:33:38] - BHO 7: {C671A733-A4AA-4B5F-8CEE-006242C457B5} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\byxyyvw
[12/15/2006, 13:33:38] - Found: HKLM\...\Winlogon\Notify\byxyyvw - This is probably Virtumundo.
[12/15/2006, 13:33:38] - Assigning {C671A733-A4AA-4B5F-8CEE-006242C457B5} MSEvents Object
[12/15/2006, 13:33:38] - BHO list has been changed! Starting over...
[12/15/2006, 13:33:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/15/2006, 13:33:38] - BHO 2: {26B61245-2471-3859-3126-04487DAC7F8A} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\ipnydgh
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\ipnydgh, continuing.
[12/15/2006, 13:33:38] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/15/2006, 13:33:38] - BHO 4: {A08CC50F-22BD-593C-9F6B-7BE55F604299} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\vicc
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\vicc, continuing.
[12/15/2006, 13:33:38] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/15/2006, 13:33:38] - BHO 6: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[12/15/2006, 13:33:38] - BHO 7: {C671A733-A4AA-4B5F-8CEE-006242C457B5} (MSEvents Object)
[12/15/2006, 13:33:38] - ALERT: Found MSEvents Object!
[12/15/2006, 13:33:38] - BHO 8: {E1412445-4FF8-410e-8D24-F2CF86B171A4} (PEDEV_IEListener Class)
[12/15/2006, 13:33:38] - Finished Searching Browser Helper Objects
[12/15/2006, 13:33:38] - *** Detected MSEvents Object
[12/15/2006, 13:33:38] - Trying to remove MSEvents Object...
[12/15/2006, 13:33:39] - Terminating Process: IEXPLORE.EXE
[12/15/2006, 13:33:40] - Terminating Process: RUNDLL32.EXE
[12/15/2006, 13:33:40] - Disabling Automatic Shell Restart
[12/15/2006, 13:33:40] - Terminating Process: EXPLORER.EXE
[12/15/2006, 13:33:40] - Suspending the NT Session Manager System Service
[12/15/2006, 13:33:40] - Terminating Windows NT Logon/Logoff Manager
[12/15/2006, 13:33:41] - Re-enabling Automatic Shell Restart
[12/15/2006, 13:33:41] - File to disable: C:\WINDOWS\system32\byxyyvw.dll
[12/15/2006, 13:33:41] - Renaming C:\WINDOWS\system32\byxyyvw.dll -> C:\WINDOWS\system32\byxyyvw.dll.vir
[12/15/2006, 13:33:41] - ! File rename was unsucessful.
[12/15/2006, 13:33:41] - Attempting to Deny Access to C:\WINDOWS\system32\byxyyvw.dll
[12/15/2006, 13:33:42] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[12/15/2006, 13:33:42] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.
[12/15/2006, 13:33:42] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[12/15/2006, 13:33:42] - Removing HKLM\...\Browser Helper Objects\{C671A733-A4AA-4B5F-8CEE-006242C457B5}
[12/15/2006, 13:33:42] - Removing HKCR\CLSID\{C671A733-A4AA-4B5F-8CEE-006242C457B5}
[12/15/2006, 13:33:42] - Adding Kill Bit for ActiveX for GUID: {C671A733-A4AA-4B5F-8CEE-006242C457B5}
[12/15/2006, 13:33:42] - Deleting ATLEvents/MSEvents Registry entries
[12/15/2006, 13:33:42] - Removing HKLM\...\Winlogon\Notify\byxyyvw
[12/15/2006, 13:33:42] - Searching for Browser Helper Objects:
[12/15/2006, 13:33:42] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/15/2006, 13:33:42] - BHO 2: {26B61245-2471-3859-3126-04487DAC7F8A} ()
[12/15/2006, 13:33:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:42] - Checking for HKLM\...\Winlogon\Notify\ipnydgh
[12/15/2006, 13:33:42] - Key not found: HKLM\...\Winlogon\Notify\ipnydgh, continuing.
[12/15/2006, 13:33:42] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/15/2006, 13:33:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:42] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/15/2006, 13:33:42] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/15/2006, 13:33:42] - BHO 4: {A08CC50F-22BD-593C-9F6B-7BE55F604299} ()
[12/15/2006, 13:33:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:42] - Checking for HKLM\...\Winlogon\Notify\vicc
[12/15/2006, 13:33:42] - Key not found: HKLM\...\Winlogon\Notify\vicc, continuing.
[12/15/2006, 13:33:42] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/15/2006, 13:33:42] - BHO 6: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[12/15/2006, 13:33:42] - BHO 7: {E1412445-4FF8-410e-8D24-F2CF86B171A4} (PEDEV_IEListener Class)
[12/15/2006, 13:33:42] - Finished Searching Browser Helper Objects
[12/15/2006, 13:33:42] - Finishing up...
[12/15/2006, 13:33:42] - A restart is needed.
[12/15/2006, 13:33:54] - Attempting to Restart via STOP error (Blue Screen!)
et le hijack:
Logfile of HijackThis v1.99.1
Scan saved at 13:38:06, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ISHOST.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\{A4605C30-0A70-1036-0512-030403030021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Richarx\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26B61245-2471-3859-3126-04487DAC7F8A} - C:\WINDOWS\system32\ipnydgh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [7v3j] C:\WINDOWS\system32\z1545.exe gdtgh
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eree] "C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe" -vt yazb
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
[12/15/2006, 13:33:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Richarx\Bureau\VirtumundoBeGone.exe" )
[12/15/2006, 13:33:38] - Detected System Information:
[12/15/2006, 13:33:38] - Windows Version: 5.1.2600, Service Pack 2
[12/15/2006, 13:33:38] - Current Username: Richarx (Admin)
[12/15/2006, 13:33:38] - Windows is in NORMAL mode.
[12/15/2006, 13:33:38] - Searching for Browser Helper Objects:
[12/15/2006, 13:33:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/15/2006, 13:33:38] - BHO 2: {26B61245-2471-3859-3126-04487DAC7F8A} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\ipnydgh
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\ipnydgh, continuing.
[12/15/2006, 13:33:38] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/15/2006, 13:33:38] - BHO 4: {A08CC50F-22BD-593C-9F6B-7BE55F604299} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\vicc
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\vicc, continuing.
[12/15/2006, 13:33:38] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/15/2006, 13:33:38] - BHO 6: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[12/15/2006, 13:33:38] - BHO 7: {C671A733-A4AA-4B5F-8CEE-006242C457B5} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\byxyyvw
[12/15/2006, 13:33:38] - Found: HKLM\...\Winlogon\Notify\byxyyvw - This is probably Virtumundo.
[12/15/2006, 13:33:38] - Assigning {C671A733-A4AA-4B5F-8CEE-006242C457B5} MSEvents Object
[12/15/2006, 13:33:38] - BHO list has been changed! Starting over...
[12/15/2006, 13:33:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/15/2006, 13:33:38] - BHO 2: {26B61245-2471-3859-3126-04487DAC7F8A} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\ipnydgh
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\ipnydgh, continuing.
[12/15/2006, 13:33:38] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/15/2006, 13:33:38] - BHO 4: {A08CC50F-22BD-593C-9F6B-7BE55F604299} ()
[12/15/2006, 13:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:38] - Checking for HKLM\...\Winlogon\Notify\vicc
[12/15/2006, 13:33:38] - Key not found: HKLM\...\Winlogon\Notify\vicc, continuing.
[12/15/2006, 13:33:38] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/15/2006, 13:33:38] - BHO 6: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[12/15/2006, 13:33:38] - BHO 7: {C671A733-A4AA-4B5F-8CEE-006242C457B5} (MSEvents Object)
[12/15/2006, 13:33:38] - ALERT: Found MSEvents Object!
[12/15/2006, 13:33:38] - BHO 8: {E1412445-4FF8-410e-8D24-F2CF86B171A4} (PEDEV_IEListener Class)
[12/15/2006, 13:33:38] - Finished Searching Browser Helper Objects
[12/15/2006, 13:33:38] - *** Detected MSEvents Object
[12/15/2006, 13:33:38] - Trying to remove MSEvents Object...
[12/15/2006, 13:33:39] - Terminating Process: IEXPLORE.EXE
[12/15/2006, 13:33:40] - Terminating Process: RUNDLL32.EXE
[12/15/2006, 13:33:40] - Disabling Automatic Shell Restart
[12/15/2006, 13:33:40] - Terminating Process: EXPLORER.EXE
[12/15/2006, 13:33:40] - Suspending the NT Session Manager System Service
[12/15/2006, 13:33:40] - Terminating Windows NT Logon/Logoff Manager
[12/15/2006, 13:33:41] - Re-enabling Automatic Shell Restart
[12/15/2006, 13:33:41] - File to disable: C:\WINDOWS\system32\byxyyvw.dll
[12/15/2006, 13:33:41] - Renaming C:\WINDOWS\system32\byxyyvw.dll -> C:\WINDOWS\system32\byxyyvw.dll.vir
[12/15/2006, 13:33:41] - ! File rename was unsucessful.
[12/15/2006, 13:33:41] - Attempting to Deny Access to C:\WINDOWS\system32\byxyyvw.dll
[12/15/2006, 13:33:42] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[12/15/2006, 13:33:42] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.
[12/15/2006, 13:33:42] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[12/15/2006, 13:33:42] - Removing HKLM\...\Browser Helper Objects\{C671A733-A4AA-4B5F-8CEE-006242C457B5}
[12/15/2006, 13:33:42] - Removing HKCR\CLSID\{C671A733-A4AA-4B5F-8CEE-006242C457B5}
[12/15/2006, 13:33:42] - Adding Kill Bit for ActiveX for GUID: {C671A733-A4AA-4B5F-8CEE-006242C457B5}
[12/15/2006, 13:33:42] - Deleting ATLEvents/MSEvents Registry entries
[12/15/2006, 13:33:42] - Removing HKLM\...\Winlogon\Notify\byxyyvw
[12/15/2006, 13:33:42] - Searching for Browser Helper Objects:
[12/15/2006, 13:33:42] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/15/2006, 13:33:42] - BHO 2: {26B61245-2471-3859-3126-04487DAC7F8A} ()
[12/15/2006, 13:33:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:42] - Checking for HKLM\...\Winlogon\Notify\ipnydgh
[12/15/2006, 13:33:42] - Key not found: HKLM\...\Winlogon\Notify\ipnydgh, continuing.
[12/15/2006, 13:33:42] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/15/2006, 13:33:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:42] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/15/2006, 13:33:42] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/15/2006, 13:33:42] - BHO 4: {A08CC50F-22BD-593C-9F6B-7BE55F604299} ()
[12/15/2006, 13:33:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/15/2006, 13:33:42] - Checking for HKLM\...\Winlogon\Notify\vicc
[12/15/2006, 13:33:42] - Key not found: HKLM\...\Winlogon\Notify\vicc, continuing.
[12/15/2006, 13:33:42] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/15/2006, 13:33:42] - BHO 6: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[12/15/2006, 13:33:42] - BHO 7: {E1412445-4FF8-410e-8D24-F2CF86B171A4} (PEDEV_IEListener Class)
[12/15/2006, 13:33:42] - Finished Searching Browser Helper Objects
[12/15/2006, 13:33:42] - Finishing up...
[12/15/2006, 13:33:42] - A restart is needed.
[12/15/2006, 13:33:54] - Attempting to Restart via STOP error (Blue Screen!)
et le hijack:
Logfile of HijackThis v1.99.1
Scan saved at 13:38:06, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ISHOST.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\{A4605C30-0A70-1036-0512-030403030021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Richarx\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26B61245-2471-3859-3126-04487DAC7F8A} - C:\WINDOWS\system32\ipnydgh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [7v3j] C:\WINDOWS\system32\z1545.exe gdtgh
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eree] "C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe" -vt yazb
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
dac', tu peux le jeter aussi.
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"
R3 - URLSearchHook: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: (no name) - {26B61245-2471-3859-3126-04487DAC7F8A} - C:\WINDOWS\system32\ipnydgh.dll
O2 - BHO: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O4 - HKLM\..\Run: [7v3j] C:\WINDOWS\system32\z1545.exe gdtgh
[Eree] "C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe" -vt yazb
¤ Clique sur démarrer, poste de travail, C:, program files et supprime ce dossier:
- PeDevice
¤ Clique sur démarrer, poste de travail, C:, program files, fichiers communs et supprime ce dossier:
- {34605.. < commence par
¤ Clique sur démarrer, poste de travail, C:, documents and settings, Richarx, MESDOCUMENTS, et supprime ce dossier:
- YSTEM3.. < commence par
¤ Clique sur démarer, rechercher, tous les fichiers et dossiers, cherche et supprime ces fichiers si présent:
- vicc.dll
- .ren < tu supprimes ce qu'il pourrait te trouver
- ipnydgh.dll
- z1545.exe
**Si un fichier persiste lors de la suppression fait ceci:
-Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisit "mode sans echec" attends un peu.. puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement
Télécharge, installe puis met à jour ce logiciel(Ewido), une fois que c'est fait, fais un scan complet de ton système, supprime (delete) tout ce qu'il te trouve puis colle le rapport ici stp
Ewido: (en Anglais reste gratuit après la période d'essai)
--->Ewido
Si tu as besoin d'aide avec Ewido(devenu AVG-antispyware) regarde ce tutoriel:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"
R3 - URLSearchHook: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: (no name) - {26B61245-2471-3859-3126-04487DAC7F8A} - C:\WINDOWS\system32\ipnydgh.dll
O2 - BHO: (no name) - {A08CC50F-22BD-593C-9F6B-7BE55F604299} - C:\WINDOWS\system32\vicc.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34605~1\Bar888.dll
O4 - HKLM\..\Run: [7v3j] C:\WINDOWS\system32\z1545.exe gdtgh
[Eree] "C:\DOCUME~1\Richarx\MESDOC~1\YSTEM3~1\javaw.exe" -vt yazb
¤ Clique sur démarrer, poste de travail, C:, program files et supprime ce dossier:
- PeDevice
¤ Clique sur démarrer, poste de travail, C:, program files, fichiers communs et supprime ce dossier:
- {34605.. < commence par
¤ Clique sur démarrer, poste de travail, C:, documents and settings, Richarx, MESDOCUMENTS, et supprime ce dossier:
- YSTEM3.. < commence par
¤ Clique sur démarer, rechercher, tous les fichiers et dossiers, cherche et supprime ces fichiers si présent:
- vicc.dll
- .ren < tu supprimes ce qu'il pourrait te trouver
- ipnydgh.dll
- z1545.exe
**Si un fichier persiste lors de la suppression fait ceci:
-Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisit "mode sans echec" attends un peu.. puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement
Télécharge, installe puis met à jour ce logiciel(Ewido), une fois que c'est fait, fais un scan complet de ton système, supprime (delete) tout ce qu'il te trouve puis colle le rapport ici stp
Ewido: (en Anglais reste gratuit après la période d'essai)
--->Ewido
Si tu as besoin d'aide avec Ewido(devenu AVG-antispyware) regarde ce tutoriel:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
Me revoilou,
j'ai profité du down forum pour faire du menage par moi meme... va savoir ce que ca donne. Dans tous les cas, AVG a fait du bon boulot.
voici le post avg:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 17:08:13 15/12/2006
+ Résultat de l'analyse:
HKU\S-1-5-21-3599434359-2060312856-1882194655-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Ignoré.
C:\Documents and Settings\Richarx\Bureau\backups\backup-20061215-140450-118.dll -> Adware.PurityScan : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011205.dll -> Adware.PurityScan : Ignoré.
C:\Documents and Settings\Richarx\Bureau\backups\backup-20061215-140450-821.dll -> Adware.Softomate : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\4TY45QXI\130[1].net -> Adware.Softomate : Ignoré.
C:\Program Files\Fichiers communs\{A4605C30-0A70-1036-0512-030403030021}\Update.exe -> Adware.Softomate : Ignoré.
C:\Program Files\Fichiers communs\{A4605C30-0A70-1036-0512-030403030021}\system.dll -> Adware.Softomate : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011206.dll -> Adware.Softomate : Ignoré.
C:\WINDOWS\Temp\b130.exe -> Adware.Softomate : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\0PUZ4LEJ\srvghr[1].exe -> Adware.Universa : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\AY7MPR46\srvbpg[1].exe -> Adware.Universa : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\K5UVK96Z\srvepq[1].exe -> Adware.Universa : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\K5UVK96Z\srvvxf[1].exe -> Adware.Universa : Ignoré.
C:\WINDOWS\Temp\win180.tmp.exe -> Adware.Universa : Ignoré.
C:\WINDOWS\Temp\win19D.tmp.exe -> Adware.Universa : Ignoré.
C:\WINDOWS\Temp\win1C3.tmp.exe -> Adware.Universa : Ignoré.
C:\WINDOWS\Temp\win1E2.tmp.exe -> Adware.Universa : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011192.dll -> Adware.Virtumonde : Ignoré.
HKU\S-1-5-21-3599434359-2060312856-1882194655-1005\Software\ToolBar -> Adware.WebSearch : Ignoré.
HKU\S-1-5-21-3599434359-2060312856-1882194655-1005\Software\ToolBar\all -> Adware.WebSearch : Ignoré.
HKU\S-1-5-21-3599434359-2060312856-1882194655-1005\Software\ToolBar\all\History -> Adware.WebSearch : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\0PUZ4LEJ\wlzip32[1].exe -> Downloader.Agent.bca : Ignoré.
C:\WINDOWS\Temp\win1AB.tmp.exe -> Downloader.Agent.bca : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\0PUZ4LEJ\mulbin32[1].exe -> Downloader.PurityScan.dc : Ignoré.
C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010115.exe -> Downloader.PurityScan.dc : Ignoré.
C:\WINDOWS\Temp\win1B7.tmp.exe -> Downloader.PurityScan.dc : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009098.exe -> Downloader.Small.ctf : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009095.exe -> Downloader.Small.ebu : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009096.exe -> Downloader.Small.ebu : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009990.exe -> Dropper.Agent.azs : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\0PUZ4LEJ\install[1].htm -> Hijacker.Costrat.z : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009996.exe -> Hijacker.Costrat.z : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009993.exe -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009994.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009995.exe -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009997.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009998.exe -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009999.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0010000.exe -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0010001.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0010013.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
:mozilla.125:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.272:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.2o7 : Ignoré.
:mozilla.96:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Adbrite : Ignoré.
:mozilla.97:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Adbrite : Ignoré.
:mozilla.148:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Atdmt : Ignoré.
:mozilla.158:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Bluestreak : Ignoré.
:mozilla.73:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Com : Ignoré.
:mozilla.87:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Doubleclick : Ignoré.
:mozilla.78:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Estat : Ignoré.
:mozilla.108:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Hotlog : Ignoré.
:mozilla.149:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Mediaplex : Ignoré.
:mozilla.59:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.60:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.61:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.62:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.63:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.127:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Sexlist : Ignoré.
:mozilla.128:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Sexlist : Ignoré.
:mozilla.145:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Tacoda : Ignoré.
:mozilla.147:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Tacoda : Ignoré.
:mozilla.120:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.64:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.65:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.66:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009099.exe -> Trojan.ProcKill.DJ : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009100.exe -> Trojan.ProcKill.DJ : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009101.exe -> Trojan.ProcKill.DJ : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0010002.exe -> Trojan.Sinowal.bh : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010071.dll -> Trojan.Sinowal.bh : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010072.dll -> Trojan.Sinowal.bh : Ignoré.
C:\WINDOWS\system32\wnscptr.exe -> Trojan.Small : Ignoré.
Fin du rapport
Je n'avais pas specifier de deleter... mais c'est chose faites.
Le hijack log maintenant:
Logfile of HijackThis v1.99.1
Scan saved at 18:54:34, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Richarx\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Sur le site d'evaluation du log tout a l'air ok. j'ai en effet effacer les alertes precedentes. Au risque de me faire engeuler...j'ai tout de meme fait un coup de SmitfraudFix, et ainsi fait disparaitre le virusbuster qui me cassait les pieds ;)
Alors, le bout du tunel est proche ??
Merci pour ton aide precieuse.
j'ai profité du down forum pour faire du menage par moi meme... va savoir ce que ca donne. Dans tous les cas, AVG a fait du bon boulot.
voici le post avg:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 17:08:13 15/12/2006
+ Résultat de l'analyse:
HKU\S-1-5-21-3599434359-2060312856-1882194655-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Ignoré.
C:\Documents and Settings\Richarx\Bureau\backups\backup-20061215-140450-118.dll -> Adware.PurityScan : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011205.dll -> Adware.PurityScan : Ignoré.
C:\Documents and Settings\Richarx\Bureau\backups\backup-20061215-140450-821.dll -> Adware.Softomate : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\4TY45QXI\130[1].net -> Adware.Softomate : Ignoré.
C:\Program Files\Fichiers communs\{A4605C30-0A70-1036-0512-030403030021}\Update.exe -> Adware.Softomate : Ignoré.
C:\Program Files\Fichiers communs\{A4605C30-0A70-1036-0512-030403030021}\system.dll -> Adware.Softomate : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011206.dll -> Adware.Softomate : Ignoré.
C:\WINDOWS\Temp\b130.exe -> Adware.Softomate : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\0PUZ4LEJ\srvghr[1].exe -> Adware.Universa : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\AY7MPR46\srvbpg[1].exe -> Adware.Universa : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\K5UVK96Z\srvepq[1].exe -> Adware.Universa : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\K5UVK96Z\srvvxf[1].exe -> Adware.Universa : Ignoré.
C:\WINDOWS\Temp\win180.tmp.exe -> Adware.Universa : Ignoré.
C:\WINDOWS\Temp\win19D.tmp.exe -> Adware.Universa : Ignoré.
C:\WINDOWS\Temp\win1C3.tmp.exe -> Adware.Universa : Ignoré.
C:\WINDOWS\Temp\win1E2.tmp.exe -> Adware.Universa : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011192.dll -> Adware.Virtumonde : Ignoré.
HKU\S-1-5-21-3599434359-2060312856-1882194655-1005\Software\ToolBar -> Adware.WebSearch : Ignoré.
HKU\S-1-5-21-3599434359-2060312856-1882194655-1005\Software\ToolBar\all -> Adware.WebSearch : Ignoré.
HKU\S-1-5-21-3599434359-2060312856-1882194655-1005\Software\ToolBar\all\History -> Adware.WebSearch : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\0PUZ4LEJ\wlzip32[1].exe -> Downloader.Agent.bca : Ignoré.
C:\WINDOWS\Temp\win1AB.tmp.exe -> Downloader.Agent.bca : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\0PUZ4LEJ\mulbin32[1].exe -> Downloader.PurityScan.dc : Ignoré.
C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010115.exe -> Downloader.PurityScan.dc : Ignoré.
C:\WINDOWS\Temp\win1B7.tmp.exe -> Downloader.PurityScan.dc : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009098.exe -> Downloader.Small.ctf : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009095.exe -> Downloader.Small.ebu : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009096.exe -> Downloader.Small.ebu : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009990.exe -> Dropper.Agent.azs : Ignoré.
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\0PUZ4LEJ\install[1].htm -> Hijacker.Costrat.z : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009996.exe -> Hijacker.Costrat.z : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009993.exe -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009994.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009995.exe -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009997.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009998.exe -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0009999.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0010000.exe -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0010001.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0010013.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
:mozilla.125:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.272:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.2o7 : Ignoré.
:mozilla.96:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Adbrite : Ignoré.
:mozilla.97:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Adbrite : Ignoré.
:mozilla.148:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Atdmt : Ignoré.
:mozilla.158:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Bluestreak : Ignoré.
:mozilla.73:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Com : Ignoré.
:mozilla.87:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Doubleclick : Ignoré.
:mozilla.78:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Estat : Ignoré.
:mozilla.108:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Hotlog : Ignoré.
:mozilla.149:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Mediaplex : Ignoré.
:mozilla.59:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.60:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.61:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.62:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.63:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.127:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Sexlist : Ignoré.
:mozilla.128:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Sexlist : Ignoré.
:mozilla.145:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Tacoda : Ignoré.
:mozilla.147:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Tacoda : Ignoré.
:mozilla.120:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.64:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.65:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.66:C:\Documents and Settings\Richarx\Application Data\Mozilla\Firefox\Profiles\4pkdpplq.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009099.exe -> Trojan.ProcKill.DJ : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009100.exe -> Trojan.ProcKill.DJ : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP132\A0009101.exe -> Trojan.ProcKill.DJ : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP133\A0010002.exe -> Trojan.Sinowal.bh : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010071.dll -> Trojan.Sinowal.bh : Ignoré.
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010072.dll -> Trojan.Sinowal.bh : Ignoré.
C:\WINDOWS\system32\wnscptr.exe -> Trojan.Small : Ignoré.
Fin du rapport
Je n'avais pas specifier de deleter... mais c'est chose faites.
Le hijack log maintenant:
Logfile of HijackThis v1.99.1
Scan saved at 18:54:34, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Richarx\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Sur le site d'evaluation du log tout a l'air ok. j'ai en effet effacer les alertes precedentes. Au risque de me faire engeuler...j'ai tout de meme fait un coup de SmitfraudFix, et ainsi fait disparaitre le virusbuster qui me cassait les pieds ;)
Alors, le bout du tunel est proche ??
Merci pour ton aide precieuse.
à première vue ça semble propre
Par contre :
¤ Pour mettre à jour JAVA
-Clique sur démarrer, panneau de configuration, en haut à gauche, tu choisis "basculer vers l'affichage classique"
- Tu choisis l'icône "Java" double clique dessus, clique sur l'onglet "mise à jour" puis "mise à jour maintenant" et télécharge la dernière version qu'il te trouvera
Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clique dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
https://www.bitdefender.com/toolbox/
Par contre :
¤ Pour mettre à jour JAVA
-Clique sur démarrer, panneau de configuration, en haut à gauche, tu choisis "basculer vers l'affichage classique"
- Tu choisis l'icône "Java" double clique dessus, clique sur l'onglet "mise à jour" puis "mise à jour maintenant" et télécharge la dernière version qu'il te trouvera
Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clique dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
https://www.bitdefender.com/toolbox/
Bien, maj faite. Le scan semble etre assez long, alors j'en profite pour te remercier. Car comme l'indique ta signature, "c'est en forgeant que l'on devient forgeron ! ".. et je me sens un peu plus compétent ce soir. En effet tu as non seulement resolu mon probleme, mais en plus j'en tire une grande experience. Les fois précedente j'avais abandonné au bout de 24h et apres essai de tout les logiciel que je pouvais trouver. et cela c'etait soldé par un formatage. Alors on remet les compteurs à zero: machine 0 - utilisateur 1 :D
j'en ai profité pour visiter ton site perso. Inutile de te dire qu'il est maintenant dans mes favoris ;)
A+ pour le resultat du scan
j'en ai profité pour visiter ton site perso. Inutile de te dire qu'il est maintenant dans mes favoris ;)
A+ pour le resultat du scan
et voici le rapport... il semble donc qu'il y a encore un soucis. Comment Bitdefender peut il trouver autant de virus (sans compter ceux deja en quarantaine) ? bref, voici le resultat:
Scanned File
Status
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\K5UVK96Z\l11[1].exe
Infected with: Trojan.Downloader.Zlob.AEN
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\K5UVK96Z\l11[1].exe
Disinfection failed
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\K5UVK96Z\l11[1].exe
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\05037047.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\05037047.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\05037047.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\13D72F31.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\13D72F31.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\13D72F31.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\14D04078.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\14D04078.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\14D04078.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\191503E7.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\191503E7.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\191503E7.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\19182DE4.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\19182DE4.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\19182DE4.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\191B57E0.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\191B57E0.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\191B57E0.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\191F01DD.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\191F01DD.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\191F01DD.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\19222BD9.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\19222BD9.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\19222BD9.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\1A5E5D5A=>(Quarantine-2)
Infected with: Trojan.Downloader.Busky.BS
C:\Program Files\Norton AntiVirus\Quarantine\1A5E5D5A=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\1A5E5D5A=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\20607C76.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\20607C76.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\20607C76.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2A7047DA.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\2A7047DA.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2A7047DA.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\33500FE5.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\33500FE5.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\33500FE5.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\335339E2.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\335339E2.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\335339E2.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\335763DE.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\335763DE.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\335763DE.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\335A0DDA.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\335A0DDA.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\335A0DDA.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\335D37D7.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\335D37D7.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\335D37D7.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\35856F77.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\35856F77.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\35856F77.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\3F1B1D37=>(Quarantine-2)
Infected with: Trojan.Downloader.Busky.BS
C:\Program Files\Norton AntiVirus\Quarantine\3F1B1D37=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\3F1B1D37=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\408F4F9D=>(Quarantine-2)
Infected with: Generic.PWStealer.AE883234
C:\Program Files\Norton AntiVirus\Quarantine\408F4F9D=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\408F4F9D=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\43421083.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\43421083.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\43421083.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\47811AFF.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\47811AFF.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\47811AFF.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\4F086278.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\4F086278.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\4F086278.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\56BE0534=>(Quarantine-2)
Infected with: Trojan.Downloader.Busky.BS
C:\Program Files\Norton AntiVirus\Quarantine\56BE0534=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\56BE0534=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\570C74DE=>(Quarantine-2)
Infected with: Trojan.Downloader.Busky.BS
C:\Program Files\Norton AntiVirus\Quarantine\570C74DE=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\570C74DE=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\571640C8.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\571640C8.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\571640C8.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\5A981E77.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\5A981E77.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\5A981E77.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\6152274B=>(Quarantine-2)
Infected with: Trojan.PWS.Sinowal.B
C:\Program Files\Norton AntiVirus\Quarantine\6152274B=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\6152274B=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\629563E7=>(Quarantine-2)
Infected with: Trojan.PWS.Sinowal.B
C:\Program Files\Norton AntiVirus\Quarantine\629563E7=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\629563E7=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\633E3559.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\633E3559.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\633E3559.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\64A869DB.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\64A869DB.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\64A869DB.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\6B8C1FDA.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\6B8C1FDA.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\6B8C1FDA.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010048.dll
Infected with: Trojan.Downloader.Busky.BS
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010048.dll
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010048.dll
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010082.exe
Infected with: Trojan.Downloader.Zlob.AES
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010082.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010082.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010097.dll
Infected with: Trojan.Downloader.Busky.BS
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010097.dll
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010097.dll
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010104.exe
Infected with: Trojan.Downloader.Zlob.ABN
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010104.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010104.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010105.exe
Infected with: Trojan.Downloader.Zlob.AES
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010105.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010105.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010106.EXE
Infected with: Trojan.Downloader.Zlob.AES
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010106.EXE
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010106.EXE
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010113.bat
Infected with: Trojan.Zlob.AM
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010113.bat
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010113.bat
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010143.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010143.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010143.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011144.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011144.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011144.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011158.dll
Infected with: Trojan.Klone.H
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011158.dll
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011158.dll
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011162.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011162.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011162.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011197.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011197.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011197.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011220.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011220.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011220.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011247.exe
Infected with: Trojan.Downloader.BKK
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011247.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011247.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011255.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011255.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011255.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011268.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011268.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011268.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011278.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011278.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011278.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011281.EXE
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011281.EXE
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011281.EXE
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011344.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011344.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011344.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011345.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011345.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011345.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011346.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011346.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011346.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011347.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011347.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011347.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011348.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011348.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011348.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011349.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011349.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011349.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011350.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011350.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011350.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011351.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011351.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011351.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011352.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011352.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011352.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011353.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011353.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011353.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011354.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011354.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011354.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011355.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011355.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011355.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011356.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011356.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011356.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011357.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011357.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011357.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011358.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011358.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011358.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011359.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011359.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011359.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011360.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011360.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011360.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011361.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011361.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011361.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011362.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011362.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011362.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011363.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011363.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011363.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011364.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011364.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011364.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011365.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011365.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011365.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011366.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011366.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011366.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011367.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011367.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011367.exe=>(Quarantine-2)
Deleted
C:\WINDOWS\system32\drvlad.dll
Infected with: Trojan.FakeAlert.S
C:\WINDOWS\system32\drvlad.dll
Disinfection failed
C:\WINDOWS\system32\drvlad.dll
Deleted
C:\WINDOWS\Temp\mst174.tmp
Infected with: Trojan.FakeAlert.S
C:\WINDOWS\Temp\mst174.tmp
Disinfection failed
C:\WINDOWS\Temp\mst174.tmp
Deleted
A+
Scanned File
Status
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\K5UVK96Z\l11[1].exe
Infected with: Trojan.Downloader.Zlob.AEN
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\K5UVK96Z\l11[1].exe
Disinfection failed
C:\Documents and Settings\Richarx\Local Settings\Temporary Internet Files\Content.IE5\K5UVK96Z\l11[1].exe
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\05037047.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\05037047.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\05037047.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\13D72F31.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\13D72F31.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\13D72F31.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\14D04078.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\14D04078.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\14D04078.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\191503E7.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\191503E7.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\191503E7.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\19182DE4.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\19182DE4.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\19182DE4.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\191B57E0.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\191B57E0.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\191B57E0.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\191F01DD.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\191F01DD.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\191F01DD.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\19222BD9.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\19222BD9.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\19222BD9.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\1A5E5D5A=>(Quarantine-2)
Infected with: Trojan.Downloader.Busky.BS
C:\Program Files\Norton AntiVirus\Quarantine\1A5E5D5A=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\1A5E5D5A=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\20607C76.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\20607C76.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\20607C76.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2A7047DA.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\2A7047DA.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2A7047DA.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\33500FE5.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\33500FE5.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\33500FE5.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\335339E2.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\335339E2.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\335339E2.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\335763DE.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\335763DE.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\335763DE.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\335A0DDA.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\335A0DDA.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\335A0DDA.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\335D37D7.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\335D37D7.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\335D37D7.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\35856F77.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\35856F77.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\35856F77.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\3F1B1D37=>(Quarantine-2)
Infected with: Trojan.Downloader.Busky.BS
C:\Program Files\Norton AntiVirus\Quarantine\3F1B1D37=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\3F1B1D37=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\408F4F9D=>(Quarantine-2)
Infected with: Generic.PWStealer.AE883234
C:\Program Files\Norton AntiVirus\Quarantine\408F4F9D=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\408F4F9D=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\43421083.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\43421083.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\43421083.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\47811AFF.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\47811AFF.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\47811AFF.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\4F086278.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\4F086278.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\4F086278.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\56BE0534=>(Quarantine-2)
Infected with: Trojan.Downloader.Busky.BS
C:\Program Files\Norton AntiVirus\Quarantine\56BE0534=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\56BE0534=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\570C74DE=>(Quarantine-2)
Infected with: Trojan.Downloader.Busky.BS
C:\Program Files\Norton AntiVirus\Quarantine\570C74DE=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\570C74DE=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\571640C8.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\571640C8.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\571640C8.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\5A981E77.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\5A981E77.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\5A981E77.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\6152274B=>(Quarantine-2)
Infected with: Trojan.PWS.Sinowal.B
C:\Program Files\Norton AntiVirus\Quarantine\6152274B=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\6152274B=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\629563E7=>(Quarantine-2)
Infected with: Trojan.PWS.Sinowal.B
C:\Program Files\Norton AntiVirus\Quarantine\629563E7=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\629563E7=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\633E3559.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\633E3559.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\633E3559.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\64A869DB.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\64A869DB.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\64A869DB.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\6B8C1FDA.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\Program Files\Norton AntiVirus\Quarantine\6B8C1FDA.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\6B8C1FDA.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010048.dll
Infected with: Trojan.Downloader.Busky.BS
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010048.dll
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010048.dll
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010082.exe
Infected with: Trojan.Downloader.Zlob.AES
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010082.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010082.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010097.dll
Infected with: Trojan.Downloader.Busky.BS
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010097.dll
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010097.dll
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010104.exe
Infected with: Trojan.Downloader.Zlob.ABN
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010104.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010104.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010105.exe
Infected with: Trojan.Downloader.Zlob.AES
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010105.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010105.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010106.EXE
Infected with: Trojan.Downloader.Zlob.AES
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010106.EXE
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010106.EXE
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010113.bat
Infected with: Trojan.Zlob.AM
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010113.bat
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010113.bat
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010143.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010143.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP135\A0010143.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011144.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011144.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011144.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011158.dll
Infected with: Trojan.Klone.H
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011158.dll
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011158.dll
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011162.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011162.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011162.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011197.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011197.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011197.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011220.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011220.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011220.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011247.exe
Infected with: Trojan.Downloader.BKK
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011247.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011247.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011255.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011255.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011255.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011268.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011268.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011268.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011278.exe
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011278.exe
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011278.exe
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011281.EXE
Infected with: Trojan.Downloader.Zlob.AEV
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011281.EXE
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP136\A0011281.EXE
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011344.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011344.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011344.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011345.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011345.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011345.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011346.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011346.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011346.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011347.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011347.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011347.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011348.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011348.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011348.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011349.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011349.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011349.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011350.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011350.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011350.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011351.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011351.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011351.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011352.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011352.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011352.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011353.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011353.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011353.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011354.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011354.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011354.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011355.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011355.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011355.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011356.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011356.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011356.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011357.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011357.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011357.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011358.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011358.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011358.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011359.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011359.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011359.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011360.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011360.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011360.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011361.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011361.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011361.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011362.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011362.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011362.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011363.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011363.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011363.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011364.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011364.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011364.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011365.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011365.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011365.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011366.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011366.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011366.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011367.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AQG
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011367.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{EC6BFBDE-57A3-40B2-8D5D-BE9DBD5FA390}\RP137\A0011367.exe=>(Quarantine-2)
Deleted
C:\WINDOWS\system32\drvlad.dll
Infected with: Trojan.FakeAlert.S
C:\WINDOWS\system32\drvlad.dll
Disinfection failed
C:\WINDOWS\system32\drvlad.dll
Deleted
C:\WINDOWS\Temp\mst174.tmp
Infected with: Trojan.FakeAlert.S
C:\WINDOWS\Temp\mst174.tmp
Disinfection failed
C:\WINDOWS\Temp\mst174.tmp
Deleted
A+
Me revoilà !
"Alors on remet les compteurs à zero: machine 0 - utilisateur 1 :D"
Lol, en esperant quelle reprenne pas le dessus :P
Rien d'alarmant !
Fait ce nettoyage: (à faire réguliérement)
¤Telecharge et installe CCleaner (n'installe pas la barre d'outil Yahoo)
---> Ccleaner
dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites tu pourra les supprimer si ton ordinateur n'a plus de problémes
¤Relance Ccleaner, vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"
Si tu as besoin d'aide pour Ccleaner, regarde ce tutoriel:
http://www.tutopat.com/viewtopic.php?t=305
et remet un rapport hijackthis stp
"Alors on remet les compteurs à zero: machine 0 - utilisateur 1 :D"
Lol, en esperant quelle reprenne pas le dessus :P
Rien d'alarmant !
Fait ce nettoyage: (à faire réguliérement)
¤Telecharge et installe CCleaner (n'installe pas la barre d'outil Yahoo)
---> Ccleaner
dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites tu pourra les supprimer si ton ordinateur n'a plus de problémes
¤Relance Ccleaner, vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"
Si tu as besoin d'aide pour Ccleaner, regarde ce tutoriel:
http://www.tutopat.com/viewtopic.php?t=305
et remet un rapport hijackthis stp
le rapport hijack:
Logfile of HijackThis v1.99.1
Scan saved at 22:14:17, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Richarx\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
et voilou
Logfile of HijackThis v1.99.1
Scan saved at 22:14:17, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Richarx\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
et voilou
