Conhook.cf difficult to remove

anne -  
green day Posts: 26722 Status: Moderator, Security contributor -
Good evening,

Well, a really big mess: I managed to isolate a Trojan named conhook located in C:\Windows\system32\_c006B529.dat, which of course I can't manage to remove.

So, in order: I ran an online scan that found lots of************
Then Vundofix, which removed some of them
Then ComboFix, whose log is here:


ComboFix 07-12-08.1 - Valérie POULAIN 2007-12-08 19:02:48.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.523 [GMT 1:00]
Running from: C:\Documents and Settings\Valérie POULAIN\Local Settings\Temporary Internet Files\Content.IE5\Q0S23D5F\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
.

2007-12-08 20:19 . 2007-12-08 20:19 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor
2007-12-08 18:51 . 2007-12-08 18:51 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-12-08 18:50 . 2007-12-08 18:50 <REP> d-------- C:\Program Files\Alwil Software
2007-12-08 18:50 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-08 18:50 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-08 18:50 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-08 18:50 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-08 18:50 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-08 18:50 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-08 18:50 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-08 18:50 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-08 18:12 . 2007-12-08 18:56 <REP> d-------- C:\VundoFix Backups
2007-12-08 17:58 . 2007-12-08 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DefenseNetSurfage
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-07 21:58 . 2007-12-08 12:30 834,188 ---hs---- C:\WINDOWS\system32\guvvoiuk.ini
2007-12-07 21:41 . 2007-12-07 21:41 834,400 ---hs---- C:\WINDOWS\system32\uyxljosc.ini
2007-12-07 21:13 . 2007-03-28 19:42 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-12-07 21:12 . 2007-12-07 21:16 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2007-12-07 21:11 . 2007-12-07 21:11 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-07 21:11 . 2007-12-07 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-07 20:59 . 2007-12-08 17:11 <REP> d-------- C:\WINDOWS\report
2007-12-07 20:59 . 2007-12-07 20:59 <REP> d-------- C:\WINDOWS\AU_Backup
2007-12-07 20:59 . 2007-12-07 20:59 39,917,509 --a------ C:\WINDOWS\VPTNFILE.869
2007-12-07 20:59 . 2007-12-07 20:59 1,902,547 --a------ C:\WINDOWS\tsc.ptn
2007-12-07 20:59 . 2007-12-07 20:59 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-12-07 20:59 . 2007-12-07 20:59 267,845 --a------ C:\WINDOWS\tsc.exe
2007-12-07 20:59 . 2007-12-07 20:59 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-12-07 20:59 . 2007-12-07 20:59 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-12-07 20:58 . 2007-12-07 20:58 170 --a------ C:\WINDOWS\GetServer.ini
2007-12-07 20:34 . 2007-12-08 18:07 823 --a------ C:\WINDOWS\TSC.INI
2007-12-07 20:32 . 2007-12-07 20:32 <REP> d-------- C:\WINDOWS\AU_Log
2007-12-07 20:31 . 2007-12-07 20:31 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-12-07 20:31 . 2007-12-07 20:31 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-12-07 20:31 . 2007-12-07 20:31 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-12-07 20:23 . 2007-12-07 21:33 834,349 ---hs---- C:\WINDOWS\system32\yjtfdtka.ini
2007-12-07 20:22 . 2007-12-07 20:22 <REP> d-------- C:\Program Files\Trend Micro
2007-12-07 17:21 . 2007-12-07 20:17 834,160 ---hs---- C:\WINDOWS\system32\miqggnvp.ini
2007-12-07 11:29 . 2007-12-07 17:16 823,541 ---hs---- C:\WINDOWS\system32\sshaygdo.ini
2007-12-06 15:04 . 2007-12-07 11:26 797,483 ---hs---- C:\WINDOWS\system32\dnavkqio.ini
2007-12-06 14:55 . 2007-12-06 14:56 797,567 ---hs---- C:\WINDOWS\system32\wvrdqyhi.ini
2007-12-06 08:43 . 2007-12-06 14:55 797,507 ---hs---- C:\WINDOWS\system32\hhxdpwxe.ini
2007-12-05 22:57 . 2007-12-06 08:38 797,567 ---hs---- C:\WINDOWS\system32\pehgakcy.ini
2007-12-05 21:18 . 2007-12-05 22:48 797,447 ---hs---- C:\WINDOWS\system32\tbultvix.ini
2007-12-05 21:13 . 2007-12-05 21:13 807,419 ---hs---- C:\WINDOWS\system32\bpgpkrad.ini
2007-12-05 19:00 . 2007-12-05 21:13 669,112 ---hs---- C:\WINDOWS\system32\xxfgdxch.ini
2007-12-05 18:57 . 2007-12-05 18:58 668,992 ---hs---- C:\WINDOWS\system32\xcmoxegx.ini
2007-12-05 17:57 . 2007-12-05 17:58 668,932 ---hs---- C:\WINDOWS\system32\mmkaouvr.ini
2007-12-05 08:41 . 2007-12-05 17:55 669,052 ---hs---- C:\WINDOWS\system32\hemolnkb.ini
2007-12-04 08:36 . 2007-12-05 08:37 668,932 ---hs---- C:\WINDOWS\system32\kjiobhfs.ini
2007-12-03 18:20 . 2007-12-04 08:26 792,589 ---hs---- C:\WINDOWS\system32\uxyjudyl.ini
2007-12-02 20:50 . 2007-12-02 20:50 6,283 --a------ C:\WINDOWS\system32\btsbaobq.dll
2007-12-02 20:38 . 2007-12-02 20:38 <REP> d-------- C:\Program Files\Micro Application
2007-12-02 10:00 . 2007-12-03 18:10 1,153,111 ---hs---- C:\WINDOWS\system32\lefbcnmq.ini
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 09:42 . 2007-12-02 09:58 1,160,147 ---hs---- C:\WINDOWS\system32\mwvwvdpg.ini
2007-11-30 08:45 . 2007-11-30 08:45 1,176,938 ---hs---- C:\WINDOWS\system32\cbrmcwui.ini
2007-11-29 08:41 . 2007-11-30 08:42 1,341,551 ---hs---- C:\WINDOWS\system32\lkagbnoh.ini
2007-11-28 16:35 . 2007-11-29 08:33 667,434 ---hs---- C:\WINDOWS\system32\mvjipnxj.ini
2007-11-28 16:32 . 2007-11-28 16:32 667,314 ---hs---- C:\WINDOWS\system32\kktkspwm.ini
2007-11-28 15:32 . 2007-11-28 15:32 667,254 ---hs---- C:\WINDOWS\system32\hmechagl.ini
2007-11-28 14:29 . 2007-11-28 14:29 667,194 ---hs---- C:\WINDOWS\system32\xphrhhnp.ini
2007-11-28 14:26 . 2007-11-28 14:26 667,134 ---hs---- C:\WINDOWS\system32\xlmonxoi.ini
2007-11-28 08:51 . 2007-11-28 14:26 667,554 ---hs---- C:\WINDOWS\system32\hnlqqgoq.ini
2007-11-27 08:47 . 2007-11-28 08:48 702,600 ---hs---- C:\WINDOWS\system32\circsgmn.ini
2007-11-26 08:46 . 2007-11-27 08:47 708,632 ---hs---- C:\WINDOWS\system32\untwhbbg.ini
2007-11-25 12:31 . 2007-11-26 08:44 695,874 ---hs---- C:\WINDOWS\system32\apocdubf.ini
2007-11-24 10:35 . 2007-11-25 12:25 695,754 ---hs---- C:\WINDOWS\system32\kmapfufr.ini
2007-11-23 10:29 . 2007-11-24 10:30 749,968 ---hs---- C:\WINDOWS\system32\xksnvqba.ini
2007-11-23 09:27 . 2007-11-23 09:27 750,088 ---hs---- C:\WINDOWS\system32\oidjhenn.ini
2007-11-23 08:26 . 2007-11-23 08:26 750,028 ---hs---- C:\WINDOWS\system32\mspayxou.ini
2007-11-23 08:22 . 2007-11-23 08:22 749,968 ---hs---- C:\WINDOWS\system32\nlwmhffk.ini
2007-11-22 08:47 . 2007-11-23 08:21 719,272 ---hs---- C:\WINDOWS\system32\qnirgjlh.ini
2007-11-22 08:33 . 2007-11-22 08:33 859,602 ---hs---- C:\WINDOWS\system32\tkyijgap.ini
2007-11-21 08:45 . 2007-11-22 08:30 688,390 ---hs---- C:\WINDOWS\system32\irhdxhxo.ini
2007-11-20 09:56 . 2007-11-21 08:40 688,600 ---hs---- C:\WINDOWS\system32\vbbintkm.ini
2007-11-19 11:26 . 2007-11-20 08:39 679,055 ---hs---- C:\WINDOWS\system32\hlgqxffm.ini
2007-11-18 09:14 . 2007-11-19 11:20 678,935 ---hs---- C:\WINDOWS\system32\cfdbifyb.ini
2007-11-17 08:37 . 2007-11-18 09:09 678,100 ---hs---- C:\WINDOWS\system32\soumppcj.ini
2007-11-16 08:43 . 2007-11-17 08:28 675,949 ---hs---- C:\WINDOWS\system32\mobivqva.ini
2007-11-15 10:30 . 2007-11-16 08:35 671,316 ---hs---- C:\WINDOWS\system32\sxkapxty.ini
2007-11-15 09:45 . 2007-11-15 10:25 671,196 ---hs---- C:\WINDOWS\system32\dxvrsgop.ini
2007-11-14 09:42 . 2007-11-14 09:42 <REP> d-------- C:\HSF
2007-11-14 09:42 . 2007-11-14 09:46 0 --a------ C:\WINDOWS\WD.INI
2007-11-13 13:30 . 2007-11-15 09:42 671,256 ---hs---- C:\WINDOWS\system32\qtfcljtu.ini
2007-11-13 11:26 . 2007-11-13 11:26 658,621 ---hs---- C:\WINDOWS\system32\bexegkyx.ini
2007-11-13 09:18 . 2007-11-13 09:19 614,282 ---hs---- C:\WINDOWS\system32\upbawlqt.ini
2007-11-12 09:09 . 2007-11-12 09:09 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2007-11-11 20:31 . 2007-11-13 08:30 535,664 ---hs---- C:\WINDOWS\system32\cvvsgcha.ini
2007-11-10 13:54 . 2007-11-11 20:25 535,544 ---hs---- C:\WINDOWS\system32\mjgncigr.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-08 17:58 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-07 20:18 --------- d-----w C:\Program Files\Wanadoo
2007-12-07 20:18 --------- d-----w C:\Program Files\Smart Panel
2007-12-07 20:18 --------- d-----w C:\Program Files\PDFCreator
2007-12-07 20:18 --------- d-----w C:\Program Files\Microsoft Works
2007-12-07 20:18 --------- d-----w C:\Program Files\LimeWire
2007-12-07 20:18 --------- d-----w C:\Program Files\Disc2Phone
2007-12-05 07:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 07:40 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 07:40 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 07:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 07:40 --------- d-----w C:\Program Files\Symantec
2007-12-02 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-23 07:19 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-02 11:50 --------- d-----w C:\Program Files\Fichiers communs\Nettordinateur
2007-10-31 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-10-31 13:09 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-31 13:09 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-10-31 13:08 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-10-31 13:07 --------- d-----w C:\Program Files\Logitech
2007-10-31 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-31 12:01 --------- d-----w C:\Program Files\DefenseDuDisque
2007-10-30 22:00 --------- d-----w C:\Program Files\Fichiers communs\DefenseNetSurfage
2007-10-09 06:46 --------- d-----w C:\Program Files\CCleaner
2007-10-08 09:04 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-09-13 07:43 6,440 --sh--w C:\WINDOWS\system32\kjllm.bak2
2007-09-09 14:53 23,552 ----a-w C:\WINDOWS\system32\opnoopo.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{547691FA-560B-4F7B-840F-3C1599D6CCD2}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"Salestart(1)"="C:\Program Files\Fichiers communs\Nettordinateur\mc.exe" [2007-10-09 15:09]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys
R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f451c4a9-41e1-11dc-94a6-00c0a8be533e}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6ac3ed9-53f8-11dc-94ae-00147f049dbf}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-07 20:13:39 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-02 19:02:19 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Valérie POULAIN.job"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\VALRIE~1\LOCALS~1\Temp\uvuuqdwr.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 20:20:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 20:21:17 - machine was rebooted
.
--- E O F ---


I'm also posting a Hijack log, in case it's useful.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:02, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Nettordinateur\mc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {547691FA-560B-4F7B-840F-3C1599D6CCD2} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\Nettordinateur\mc.exe" dm=http://nettordinateur.com; ad=http://nettordinateur.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photoservice.photos.orange.fr/migrationorange/index.cfm
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

12 replies

green day Posts: 26722 Status: Moderator, Security contributor 2 163
 
Hi

Now that's an infection!!

Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES.
* After clicking "YES", the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC must shut down ("shutdown"). Click OK, then let it restart.
* The report is located in C:\vundofix.txt; please post it.


++
anne
 
So, I ran it again and it found nothing; here is the log, which apparently reflects the first scan:


VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 18:12:55 08/12/2007

Listing files found while scanning....


Beginning removal...

Attempting to delete C:\windows\system32\__c006B529.dat
C:\windows\system32\__c006B529.dat Could not be deleted.

Attempting to delete C:\WINDOWS\system32\byxwwuu.dll
C:\WINDOWS\system32\byxwwuu.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 18:33:19 08/12/2007

Listing files found while scanning....

C:\windows\system32\__c006B529.dat

Beginning removal...

Attempting to delete C:\windows\system32\__c006B529.dat
C:\windows\system32\__c006B529.dat Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 20:32:26 08/12/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


And now, do I jump for joy or do I collapse because there's still a mess???
0
green day Posts 26722 Status Moderator, Security contributor 2 163

lol it's a complete mess!

I've never seen reports this infected!! But we're going to get rid of all these critters! :)

Download VirtumundoBeGone to the desktop: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe


Double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart the PC; the report VBG.TXT will be created on the desktop. Post it please

++
0
anne
 
And there you go!!!


[12/08/2007, 21:07:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Valérie POULAIN\Bureau\VirtumundoBeGone.exe" )
[12/08/2007, 21:07:11] - Detected System Information:
[12/08/2007, 21:07:11] - Windows Version: 5.1.2600, Service Pack 2
[12/08/2007, 21:07:11] - Current Username: Valérie POULAIN (Admin)
[12/08/2007, 21:07:11] - Windows is in NORMAL mode.
[12/08/2007, 21:07:11] - Searching for Browser Helper Objects:
[12/08/2007, 21:07:11] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[12/08/2007, 21:07:11] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[12/08/2007, 21:07:11] - BHO 3: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[12/08/2007, 21:07:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/08/2007, 21:07:11] - Checking for HKLM\...\Winlogon\Notify\NppBho
[12/08/2007, 21:07:11] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[12/08/2007, 21:07:11] - BHO 4: {547691FA-560B-4F7B-840F-3C1599D6CCD2} ()
[12/08/2007, 21:07:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/08/2007, 21:07:11] - Checking for HKLM\...\Winlogon\Notify\ddayx
[12/08/2007, 21:07:11] - Key not found: HKLM\...\Winlogon\Notify\ddayx, continuing.
[12/08/2007, 21:07:11] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/08/2007, 21:07:11] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/08/2007, 21:07:11] - BHO 7: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[12/08/2007, 21:07:11] - Finished Searching Browser Helper Objects
[12/08/2007, 21:07:11] - Finishing up...
[12/08/2007, 21:07:11] - Nothing found! Exiting...
0

green day Posts 26722 Status Moderator, Security contributor 2 163

ok,

Download SDFix to your desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode
Open the SDFix folder that has just been created on the Desktop and double-click RunThis.cmd to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Finally, copy/paste the contents of the Report.txt file into your next reply on the forum please

++
0
anne
 
Thanks for the reply, but I didn't have time to deal with it today; it will be done tomorrow at the office.
In any case, I won't give up until I have a "clean" laptop!!!!!
0
anne
 
Hello, I'm back, with the SDFix report:


SDFix: Version 1.117

Run by Valérie POULAIN on 10/12/2007 at 09:07

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\VALRIE~1\Bureau\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 09:15:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 23


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Thu 4 Oct 2007 6,363 ..SH. --- "C:\WINDOWS\system32\jjkmp.tmp"
Thu 13 Sep 2007 6,440 ..SH. --- "C:\WINDOWS\system32\kjllm.bak2"
Sat 15 Sep 2007 6,585 ..SH. --- "C:\WINDOWS\system32\vyadd.tmp"
Fri 29 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 21 Oct 2004 40,960 A..H. --- "C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Installer\Setup.exe"
Thu 29 Mar 2007 5,966,336 ...H. --- "C:\Documents and Settings\Valérie POULAIN\Application Data\Microsoft\Word\~WRL0005.tmp"
Tue 18 Oct 2005 5,751,808 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\2006-2007\Conseil Départemental\~WRL0004.tmp"
Wed 30 Aug 2006 3,030,016 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\2006-2007\Mémento\~WRL0435.tmp"
Wed 30 Aug 2006 3,030,016 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\UNSS 07_08\Mémento\~WRL0435.tmp"
Fri 5 Oct 2007 583,680 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\UNSS 07_08\Présentation de l'UNSS\~WRL3596.tmp"
Wed 30 Aug 2006 3,030,016 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\UNSS 07_08\AG Septembre\Mémento\~WRL0435.tmp"
Fri 9 Nov 2007 914,432 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\UNSS 07_08\CROSS\cars\~WRL0005.tmp"
Tue 16 Oct 2007 1,142,784 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\UNSS 07_08\CROSS\cars\~WRL0497.tmp"
Fri 14 Sep 2007 35,328 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\UNSS 07_08\CROSS\remerciements\~WRL0004.tmp"
Tue 18 Sep 2007 82,944 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\UNSS 07_08\Districts\Documents\~WRL0003.tmp"
Tue 18 Sep 2007 83,968 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\UNSS 07_08\Districts\Documents\~WRL2553.tmp"
Wed 30 Aug 2006 3,030,016 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\UNSS 07_08\Dossier de rentrée\Mémento\~WRL0435.tmp"
Sun 2 Apr 2006 139,776 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\CMN\JOFF\ESTIVAL COLLEGE\SARAN 2006\exam jo SARAN 2006 JO\~WRL0002.tmp"
Thu 13 Apr 2006 270,848 A..H. --- "C:\Documents and Settings\Valérie POULAIN\Bureau\CMN\JOFF\ESTIVAL COLLEGE\SARAN 2006\exam jo SARAN 2006 JO\~WRL0004.tmp"

Finished!


I'm trying an online scan to check.
0
anne
 
Hi again, the online scan at secuser didn't find anything. So that would mean that, yippeeeeeee, the PC is clean!!!

If that's really the case, thank you very much for your precious help. If there are still a few odds and ends to remove, please tell me how to do it.
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

OK, please do what is described here:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++
0
anne
 
OK, I'll do that at noon; my colleague is using the PC for now.
0
anne
 
Right, here I am again:

AVG report:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:07:56 10/12/2007

+ Résultat de l'analyse:



C:\VundoFix Backups\vllepken.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\VundoFix Backups\vrkvsuyu.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\VundoFix Backups\vufyjlgx.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\VundoFix Backups\wterfnes.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\VundoFix Backups\xcktxaky.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\VundoFix Backups\xgguqyrg.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\VundoFix Backups\xjxptneb.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\VundoFix Backups\xmyjjluw.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\VundoFix Backups\xuemhkkv.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\VundoFix Backups\yfsliqbi.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\VundoFix Backups\ymlkdjmx.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\VundoFix Backups\yxvholhm.dll.bad -> Downloader.ConHook.hl : Aucune action entreprise.
C:\qoobox\Quarantine\catchme2007-12-08_201950.09.zip/__c006B529.dat -> Downloader.ConHook.hl : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP273\A0044850.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP273\A0044851.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP273\A0044852.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP273\A0044853.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP273\A0044854.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044963.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044964.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044965.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044966.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044967.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044968.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044969.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044970.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044971.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044972.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044979.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044983.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044984.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044985.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044986.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP280\A0047220.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP280\A0047275.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP281\A0049303.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP299\A0054557.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\VundoFix Backups\byxwwuu.dll.bad -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\WINDOWS\system32\opnoopo.dll -> Not-A-Virus.Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP299\A0054427.exe -> Not-A-Virus.Downloader.Win32.WinFixer.au : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP300\A0054560.exe -> Not-A-Virus.Downloader.Win32.WinFixer.au : Aucune action entreprise.
C:\qoobox\Quarantine\C\Documents and Settings\Valérie POULAIN\Application Data\installer_fr[1].exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.au : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044961.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044962.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044973.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044974.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044975.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044976.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044980.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044981.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044982.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Aucune action entreprise.
C:\System Volume Information\_restore{D16DBCB1-3D04-4B37-B959-EE489F792850}\RP274\A0044988.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Aucune action entreprise.
C:\Documents and Settings\Valérie POULAIN\Cookies\valérie poulain@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Valérie POULAIN\Cookies\valérie poulain@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\Valérie POULAIN\Cookies\valérie poulain@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
C:\Documents and Settings\Valérie POULAIN\Cookies\valérie poulain@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Valérie POULAIN\Cookies\valérie poulain@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Valérie POULAIN\Cookies\valérie poulain@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.


Fin du rapport



Bitdefender report:

BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Wed, Dec 12, 2007 - 14:23:28

--------------------------------------------------------------------------------

Info d'analyse

Fichiers scannés     355802
Infectés Fichiers    464

Virus Détectés

Trojan.Generic.73213                  1
Trojan.Vundo.DQO                      35
Adware.Virtumonde.GHD                 1
Trojan.Vundo.DQP                      6
DeepScan:Generic.Virtumod.A22966E3    1
Trojan.Vundo.DRA                      2
DeepScan:Generic.Virtumod.F1B758F8    1
Trojan.Vundo.DRS                      2
Trojan.Vundo.DQR                      2
Trojan.Vundo.DRB                      2
DeepScan:Generic.Virtumod.25FFC9B7    2
DeepScan:Generic.Virtumod.B92F2260    6
Trojan.Agent.AFSH                     2
Adware.Virtumonde.GGX                 11
DeepScan:Generic.Virtumod.E1DE6FAD    1
Trojan.Downloader.Conhook.BI          265
Trojan.Agent.AFTJ                     20
Trojan.Generic.70831                  3
Trojan.Generic.71019                  5
DeepScan:Generic.Virtumod.C81129A4    1
Trojan.Vundo.DRV                      2
Adware.Virtumonde.GGZ                 7
DeepScan:Generic.Virtumod.E555A5D0    2
Trojan.Vundo.DRF                      2
Trojan.Agent.AFSK                     2
Trojan.Vundo.DQX                      2
DeepScan:Generic.Virtumod.101D988B    1
Trojan.Vundo.DQY                      2
Trojan.Downloader.BUA                 2
Trojan.Vundo.DPY                      4
Trojan.Vundo.DNW                      52
Trojan.Vundo.DQZ                      4
Win32.Netsky.C@mm                     1
Trojan.Vundo.DRK                      2
Trojan.Generic.45237                  3
DeepScan:Generic.Virtumod.9F3BD9D1    1
Trojan.Generic.45239                  2
Trojan.Vundo.DRO                      4

--------------------------------------------------------------------------------


Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.



And finally, the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:07, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nettordinateur\mc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {547691FA-560B-4F7B-840F-3C1599D6CCD2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\Nettordinateur\mc.exe" dm=http://nettordinateur.com; ad=http://nettordinateur.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photoservice.photos.orange.fr/migrationorange/index.cfm
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

Did you delete everything AVG found???

How is the situation evolving??

++
0