17 replies
Paste a HijackThis report:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
Manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I recommend renaming HijackThis, to counter a possible Vundo infection.
E.g.: rename the file HijackThis.exe to eden.exe; to do this, right-click the file HijackThis.exe and choose Rename from the list.
Then, using Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
________________________
Scan with Vundo
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will receive a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.
When it is finished, you will be asked to restart your computer; click OK.
_________________________
ComboFix (paste the report)
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Here is the HijackThis report.
I did not manage to rename it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:29, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Samsung\EasyStudio 1.1.1\Sync ML Desktop Server\EasyStudio.exe
C:\PROGRA~1\Samsung\EASYST~1.1\MOBILE~1\EPMWOR~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EA802B1-E09F-41BE-B893-86B803FE0812} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: {a2f49023-cc62-cdda-17c4-b993e47b7234} - {4327b74e-399b-4c71-addc-26cc32094f2a} - C:\WINDOWS\system32\pyqpbudk.dll
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [940fa517] rundll32.exe "C:\WINDOWS\system32\lbewqsxx.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2708840701-3223677912-2286348422-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Global Startup: Fenêtre d'état Canon LBP-810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{969C720D-089F-44D9-8523-C12010C31B54}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00B2E23.dat
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
Here is the ComboFix report:
ComboFix 07-10-29.1** - BOUDEAU JM 2007-10-29 14:42:17.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.668 [GMT 1:00]
Running from: C:\Documents and Settings\BOUDEAU JM\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\HotbarSA
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_gdf.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEula.mht
C:\Documents and Settings\All Users\Bureau\internet.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c00B2E23.dat
C:\WINDOWS\system32\dlpgjujq.dll
C:\WINDOWS\system32\eqijmfit.dll
C:\WINDOWS\system32\fkwyuppv.dll
C:\WINDOWS\system32\gedijphr.dll
C:\WINDOWS\system32\ggqqaikg.dll
C:\WINDOWS\system32\gqluegpn.dll
C:\WINDOWS\system32\hbefyyot.dll
C:\WINDOWS\system32\hpyphbty.dll
C:\WINDOWS\system32\jnmtqwjn.dll
C:\WINDOWS\system32\jvfaggff.dll
C:\WINDOWS\system32\kchngeow.dll
C:\WINDOWS\system32\lcqtskfn.dll
C:\WINDOWS\system32\ldctyspi.dll
C:\WINDOWS\system32\mcpcdxbj.dll
C:\WINDOWS\system32\mxrgivpb.dll
C:\WINDOWS\system32\nebgpvlq.dll
C:\WINDOWS\system32\okjxdytg.dll
C:\WINDOWS\system32\okssjjlp.dll
C:\WINDOWS\system32\pyqpbudk.dll
C:\WINDOWS\system32\qagrutsd.dll
C:\WINDOWS\system32\qdkcjpxe.dll
C:\WINDOWS\system32\xexdgeee.dll
C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\ybeeg.bak2
C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\system32\ywdfnaqe.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-29 ))))))))))))))))))))))))))))))))))))
.
2007-10-29 14:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-29 14:15 <REP> d-------- C:\VundoFix Backups
2007-10-29 10:29 <REP> d-------- C:\Program Files\Trend Micro
2007-10-29 09:29 <REP> d-------- C:\Documents and Settings\BOUDEAU JM\Application Data\MSNInstaller
2007-10-26 14:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-10-26 14:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-10-26 14:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-10-26 14:29 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-10-26 14:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-10-26 14:29 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-10-26 14:29 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2007-10-26 14:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2007-10-26 14:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2007-10-26 14:27 <REP> d-------- C:\WINDOWS\pss
2007-10-25 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-19 06:40 83,008 --a------ C:\WINDOWS\system32\lbewqsxx.dll
2007-10-10 06:42 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 15:07 <REP> d-------- C:\Program Files\Alwil Software
2007-10-08 15:07 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-08 15:07 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-08 15:07 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-08 15:07 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-08 15:07 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-08 15:07 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-08 15:07 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 08:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 14:58 --------- d-----w C:\Documents and Settings\BOUDEAU JM\Application Data\WeatherDPA
2007-10-08 14:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EA802B1-E09F-41BE-B893-86B803FE0812}]
C:\WINDOWS\system32\awtss.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}]
C:\WINDOWS\system32\pbfrv2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}"= C:\WINDOWS\system32\pbfrv2.dll [ ]
[HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}]
[HKEY_CLASSES_ROOT\pbfrv2.PBFRV2]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}"= C:\WINDOWS\system32\pbfrv2.dll [ ]
[HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}]
[HKEY_CLASSES_ROOT\pbfrv2.PBFRV2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 14:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 08:57]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2002-09-30 17:36 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtss]
C:\WINDOWS\system32\awtss.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeby]
C:\WINDOWS\system32\geeby.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Fenêtre d'état Canon LBP-810.LNK]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Fenêtre d'état Canon LBP-810.LNK
backup=C:\WINDOWS\pss\Fenêtre d'état Canon LBP-810.LNKCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\940fa517]
rundll32.exe "C:\WINDOWS\system32\lbewqsxx.dll",sitypnow
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAPON]
C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarOE]
C:\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarSA]
"C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
HDAudPropShortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"MysqlInventime"=3 (0x3)
"GenericHidService"=2 (0x2)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"ATI Smart"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AOL ACS"=2 (0x2)
R2 RapidPort;RapidPort;\??\C:\WINDOWS\system32\Drivers\CAPLPTN.SYS
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34723064-39bd-11db-bd17-00038a000015}]
AutoRun\command - I:\LaunchU3.exe
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 14:47:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-29 14:48:07 - machine was rebooted
.
--- E O F ---
and the new HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:02, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EA802B1-E09F-41BE-B893-86B803FE0812} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe (User 'Default user')
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{969C720D-089F-44D9-8523-C12010C31B54}: NameServer = 192.168.1.1
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
Go to https://virusscan.jotti.org/
- Click "Parcourir" (Browse) at the top right, navigate through the folders and select this file:
C:\WINDOWS\system32\lbewqsxx.dll
- Click submit, also at the top right
- The scan will start; it will take a little while
- At the bottom you get the scan result; copy and paste the complete scan result here.
Help: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
______________________
AVG antispyware
https://www.01net.com/telecharger/
Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
-> Restart AVG AS -> "Analyse" (Scan) -> "Paramètres" (Settings)
Under the question "Comment réagir ?" (How to react?):
-> click "Actions recommandées" (Recommended actions) and choose "Quarantaines" (Quarantine)
-> Click the "Analyse" tab again, then run an "Analyse complète du système" (Complete system scan)
If a file is infected at the end of the scan
-> Click "Appliquer toutes les actions" (Apply all actions)
-> Click "Enregistrer le rapport" (Save report), then "Enregistrer le rapport sous" (Save report as).
-> Save this text file to your desktop, then paste the report here
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File: lbewqsxx.dll
Status: INFECTED/MALWARE
MD5: e957ea2ce83b70d3fca457f7a3c36988
Packers detected: -
Bit9 reports: File not found
Scanner results
Scan taken on 29 Oct 2007 14:10:13 (GMT)
A-Squared Found nothing
AntiVir Found TR/Dldr.ConHook.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic8.EGL
BitDefender Found Trojan.Vundo.DNW
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/Adware.Virtumonde application
Norman Virus Control Found Vundo.gen42
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VirusBuster Found nothing
VBA32 Found nothing
Here is the AVG report:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 15:38:57 29/10/2007
+ Résultat de l'analyse:
HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-2708840701-3223677912-2286348422-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-2708840701-3223677912-2286348422-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP606\A0029040.dll -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP606\A0029046.dll -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP606\A0029047.exe -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.41:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.42:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.43:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.252:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.258:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.336:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.361:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.44:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.45:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.46:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.47:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.48:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.49:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.50:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.51:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.87:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@bidzcom.112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.471:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Adobe : Nettoyé.
:mozilla.472:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Adobe : Nettoyé.
:mozilla.63:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.64:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.65:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.66:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.67:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.68:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.69:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.88:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé.
:mozilla.420:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.421:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.422:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.157:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.495:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.207:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.208:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.452:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Onestat : Nettoyé.
:mozilla.453:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Onestat : Nettoyé.
:mozilla.272:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.280:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@real[1].txt -> TrackingCookie.Real : Nettoyé.
:mozilla.319:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.101:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.326:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.327:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.328:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.329:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.330:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.110:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.111:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.112:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.113:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.408:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.424:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.425:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.426:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.14:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.15:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.17:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.21:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.22:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.23:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.189:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Starware : Nettoyé.
:mozilla.190:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Starware : Nettoyé.
:mozilla.465:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Starware : Nettoyé.
:mozilla.350:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.351:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.364:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyé.
:mozilla.18:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.19:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.20:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.238:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.433:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\BOUDEAU JM\Cookies\boudeau jm@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.394:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.395:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.396:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.397:C:\Documents and Settings\BOUDEAU JM\Application Data\Mozilla\Firefox\Profiles\di0y5qdz.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
ok
Run VundoFix again
* Do not click "Scan for Vundo"
* Right-click in the middle of the window
* Click Add more files?
* Copy/paste the files below (one per box):
C:\WINDOWS\system32\lbewqsxx.dll
* Click Add files
* Then click Close Windows
* Finally, click Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report, along with a new HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:59, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EA802B1-E09F-41BE-B893-86B803FE0812} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Global Startup: Fenêtre d'état Canon LBP-810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{969C720D-089F-44D9-8523-C12010C31B54}: NameServer = 192.168.1.1
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
Fix these lines with HijackThis ("Fix checked") after ticking them on the left:
O2 - BHO: (no name) - {2EA802B1-E09F-41BE-B893-86B803FE0812} - C:\WINDOWS\system32\awtss.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
________
Did VundoFix actually remove:
C:\WINDOWS\system32\lbewqsxx.dll ? I'm asking because I haven't seen the report.
________
If everything went well, disable System Restore to purge any viruses that may be in it, then re-enable it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings).
___________
To remove your traces, use
CCleaner: (run a cleanup and repair the errors 3 times) without installing the Yahoo toolbar
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
______________
Paste the report from an online scan
run with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
--------------------------
Still having problems?
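The four lines singled out in the reply above are exactly the entries of the pasted log that HijackThis marks "(file missing)" or "(no file)". As an added example (not part of the original post and not HijackThis code), this Python script parses log lines of that shape, flags those orphaned entries and groups them by the file they point to; the sample log is a constructed subset of lines quoted in this thread, and all function names are assumptions of the example.

```python
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample: a subset of the HijackThis lines quoted in this thread,
# plus one "Running processes" line that must be ignored by the parser.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EA802B1-E09F-41BE-B893-86B803FE0812} - C:\WINDOWS\system32\awtss.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\svchost.exe
"""

# "<section code> - <rest>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing marker written when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path running to the end of the string.
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")


class Entry(NamedTuple):
    section: str            # e.g. "O2", "O20"
    body: str               # everything after "<section> - "
    clsid: Optional[str]    # COM class id, when the line carries one
    target: Optional[str]   # referenced file path (extracted for orphans only)
    orphaned: bool          # True if marked "(file missing)" or "(no file)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and process-list lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    orphan = ORPHAN_RE.search(body)
    clsid = CLSID_RE.search(body)
    target = None
    if orphan:
        # Look for the path in the text that precedes the marker.
        path = PATH_RE.search(body[:orphan.start()])
        target = path.group(0) if path else None
    return Entry(m.group("section"), body,
                 clsid.group(0) if clsid else None,
                 target, orphan is not None)


def parse_log(text: str) -> list:
    """Return every section entry found in a pasted log, in order."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def orphans_by_target(entries) -> dict:
    """Group orphaned entries by missing file name (or CLSID when no file)."""
    groups = defaultdict(list)
    for e in entries:
        if not e.orphaned:
            continue
        if e.target:
            key = ntpath.basename(e.target).lower()
        else:
            key = e.clsid or e.body
        groups[key].append(e.section)
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        if e.orphaned:
            print(f"{e.section} - {e.body}")
    print(orphans_by_target(parsed))
```

On the sample, awtss.dll is grouped under both O2 and O20: the same missing DLL is still registered as a BHO and as a Winlogon Notify entry, which is why both lines are in the list to fix.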
If everything went well, disable System Restore to purge any viruses that may be in it, then re-enable it
Please give me the detailed procedure: I don't know how to do it.
BitDefender Online Scanner
Rapport d'analyse généré à: Mon, Oct 29, 2007 - 17:11:23
Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;H:\;
Statistiques
Temps: 00:25:39
Fichiers: 171042
Directoires: 5160
Secteurs de boot: 3
Archives: 6865
Paquets programmes: 9519
Résultats
Virus identifiés: 13
Fichiers infectés: 87
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 87
Info sur les moteurs
Définition virus: 858659
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1
Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui
Fichier analysé
Statut
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129276.dll
Infecté par: Trojan.Vundo.DOD
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129276.dll
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129277.dll
Infecté par: Trojan.Vundo.DOD
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129277.dll
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129278.dll
Infecté par: Trojan.Vundo.DOD
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129278.dll
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129279.dll
Infecté par: Trojan.Vundo.DOD
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129279.dll
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129280.dll
Infecté par: Trojan.Vundo.DOD
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129280.dll
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129281.dll
Infecté par: Trojan.Vundo.DOD
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129281.dll
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129397.dll
Infecté par: Trojan.Vundo.DNW
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129397.dll
Echec de la désinfection
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129397.dll
Supprimé
C:\VundoFix Backups\lbewqsxx.dll .bad
Infecté par: Trojan.Vundo.DNW
C:\VundoFix Backups\lbewqsxx.dll .bad
Echec de la désinfection
C:\VundoFix Backups\lbewqsxx.dll .bad
Supprimé
Rapport d'analyse généré à: Mon, Oct 29, 2007 - 17:11:23
Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;H:\;
Statistiques
Temps: 00:25:39
Fichiers: 171042
Directoires: 5160
Secteurs de boot: 3
Archives: 6865
Paquets programmes: 9519
Résultats
Virus identifiés: 13
Fichiers infectés: 87
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 87
Info sur les moteurs
Définition virus: 858659
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1
Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui
Delete what is in the quarantine file by going to My Computer, then C, then qoobox, then Quarantine:
C:\qoobox\Quarantine\C\WINDOWS\system32\dlpgjujq.dll.vir ....................
___________________
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP641\A0129397.dll
That one is your System Restore.
So disable it as indicated, restart your computer, then re-enable it
there (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings,
then disable System Restore)
__________________
Then paste a new HijackThis report and, above all, describe your problems.