Help / Win32.Trojan Downloader
meli-chan
Hello,
You are my last hope.
On Saturday afternoon my computer, and Norton in particular, went haywire, detecting a virus (the name varies from one scan to the next): the infamous Win32 that seems to be doing a lot of damage at the moment.
I believe I have used everything there was to use to get rid of it: Norton, Avast (after uninstalling Norton), Spybot, Ad-Aware, CCleaner, and even the trial version of Kaspersky.
Nothing works; it persists:
- Restrictions in force on the computer (I am the only administrator of the computer)
- Thousands of spam messages sent around the world (each one scanned by Norton... my screen is overrun by the scans)
- Error messages by the hundred...
In desperation, I reformatted my computer... 4 times. The virus persisted and it is still there. I can't take it any more and I really can't afford to buy a new computer.
Here is my latest scan:
Ad-Aware 2007 Build
Log File Created on: 2007-12-18 18:13:39
Using Definitions File: D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: 1036948703146
Name of user performing scan: SYSTEM
System information
===========================
Number of processors: 1
Processor type: AMD Athlon(tm) 64 Processor 3400+
Memory Available: 51%
Total Physical Memory: 1073070080 Bytes
Available Physical Memory: 546947072 Bytes
Total Page File Size: 2577854464 Bytes
Available On Page File: 2116956160 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1998151680 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)
Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3
Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Scanning registry for all users
Using permanent archive caching
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Logging Ad-Aware events
Blocking Pop-Ups aggressively
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Including Ad-aware command line parameters in log file
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Include reference summary in log file
Creating log file for removal operations
Including module info in log file
Include Alternate Data Stream details in log file
Create and save WebUpdate log file
Databaseinfo
===========================
Version number: 40
Build Number: 0
Build Date and Time: 2007/12/17 08:47:35
Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off
Item Scanned: 166532
Infections Detected: 229
Infections Ignored: 0
Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 118 118
Registry PE Scan: 0 0
Hosts File Scan.: 92 92
File Scan.......: 0 0
Folder Scan.....: 4 4
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 12 12
File Hash Scan..: 1 1
Infections Found
===========================
Family Id: 352 Name: FakeAlert Category: Malware TAI:5
Item Id: 300038140 Value: Root: HKCR Path: appid\{d27987b8-7244-4de0-ae10-39b826b492f1}
Item Id: 300038141 Value: Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{d27987b8-7244-4de0-ae10-39b826b492f1}
Item Id: 300033634 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\policies\explorer Value: nocontrolpanel
Item Id: 300033635 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\run Value: spoolsv
Item Id: 300033636 Value: Root: HKLM Path: software\microsoft\windows\currentversion\policies\system Value: disableregistrytools
Item Id: 300033637 Value: Root: HKLM Path: software\microsoft\windows\currentversion\policies\system Value: disabletaskmgr
Item Id: 300033638 Value: Root: HKLM Path: software\microsoft\windows\currentversion\run Value: printer
Item Id: 300033639 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033640 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033641 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033642 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033643 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033643 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033644 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033644 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033644 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033645 Value: Root: HKLM Path: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Value: Shell Data: Explorer.exe C:\WINDOWS\shell.exe
Item Id: 300038142 Value: Root: HKLM Path: software\microsoft\windows\currentversion\run Value: undefined
Item Id: 300038178 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038179 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038180 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038181 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038182 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038183 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038184 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038185 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038186 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038187 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038188 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038189 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038190 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038190 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038190 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038191 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038191 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038191 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038192 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038192 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038192 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038193 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038193 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038193 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038194 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038194 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038194 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038195 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038195 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038195 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038765 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\run Value: undefined
Family Id: 750 Name: Ultimate Defender Category: Misc TAI:3
Item Id: 300015811 Value: Root: HKLM Path: software\ultimate defender
Item Id: 300015812 Value: Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\ultimate defender
Item Id: 300015814 Value: Root: HKLM Path: software\microsoft\windows\currentversion\run Value: ultimate defender
Item Id: 400001359 Value: Folder: C:\Program Files\ultimate defender
Item Id: 400001360 Value: Folder: D:\Documents and Settings\All Users\Menu Démarrer\Programmes\ultimate defender
Item Id: 400001958 Value: Folder: D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\Ultimate Defender
Family Id: 563 Name: Redirected hostfile entry Category: Misc TAI:4
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000263 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat mediaplex.com svid /
Item Id: 600000142 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat estat.com e /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com TestIfCookieP /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com pbw /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com pid /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com pbwmaj /
Item Id: 600000126 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat ehg-telecomitalia.hitbox.com DM56062648VEV6 /
Item Id: 600000126 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat hitbox.com CTG /
Item Id: 600000126 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat hitbox.com WSS_GW /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat weborama.fr AFFICHE_W /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat weborama.fr wbo_temps_reel /
Item Id: 600000173 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat bluestreak.com id /
Family Id: 1006 Name: Win32.TrojanDownloader.Agent Category: Virus TAI:10
Item Id: 70671 Value: File: C:\WINDOWS\system32\xlibgfl254.dll
Item Id: 300021291 Value: Root: HKLM Path: software\microsoft\tracing\fwcfg
Item Id: 300021307 Value: Root: HKLM Path: system\controlset001\services\ccevtmgr
Item Id: 300021311 Value: Root: HKLM Path: system\controlset001\services\symevent
Item Id: 300021312 Value: Root: HKLM Path: system\controlset001\services\symtdi
Item Id: 300021314 Value: Root: HKLM Path: system\currentcontrolset\services\ccevtmgr
Item Id: 300021318 Value: Root: HKLM Path: system\currentcontrolset\services\symevent
Item Id: 300021319 Value: Root: HKLM Path: system\currentcontrolset\services\symtdi
Item Id: 300021359 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321dt
Item Id: 300021360 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321id
Item Id: 300021361 Value: Root: HKLM Path: system\controlset001\control\securityproviders Value: SecurityProviders Data: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
Item Id: 300021362 Value: Root: HKLM Path: SYSTEM\ControlSet001\\control\securityproviders Value: SecurityProviders Data: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
Item Id: 300021362 Value: Root: HKLM Path: SYSTEM\ControlSet003\\control\securityproviders Value: SecurityProviders Data: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
Item Id: 300037854 Value: Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\ultra soft
Item Id: 300037855 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\run Value: spoolsv
Item Id: 300037862 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037863 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037864 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037865 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037866 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037867 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037868 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037869 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037870 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037871 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037872 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037873 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037874 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037875 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037876 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037877 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037878 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037878 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037878 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037879 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037879 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037879 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037880 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037880 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037880 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037881 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037881 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037881 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037882 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037882 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037882 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037883 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037883 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037883 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037884 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037884 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037884 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037885 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037885 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037885 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038581 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: bar23id
Item Id: 300038582 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: fversion2
Item Id: 300038583 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: suid
Item Id: 300038584 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: tssversion2
Item Id: 300038585 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: upd_version2
Item Id: 300038801 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\policies\explorer Value: nocontrolpanel
Item Id: 300038802 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\policies\microsoft\windows\windows update Value: noautoupdate
Item Id: 300038803 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\policies\microsoft\windows\windows update Value: nowindowsupdate
Item Id: 300038804 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\policies\microsoft\windows\windowsupdate\au Value: autoupdate
Item Id: 300038805 Value: Root: HKLM Path: software\microsoft\windows\currentversion\run Value: printer
Item Id: 300038812 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321dt
Item Id: 300038813 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321id
Item Id: 400001558 Value: Folder: D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\ultra
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: D:\Documents and Settings\PATRICK.1036948703146.001\Recent Count: 1
Item Id: 3 Value: MRU Registry Key: S-1-5-21-1717695627-1231886836-686846662-1006\Software\Microsoft\Internet Explorer\TypedURLs Count: 2
Items Ignored During Scan
===========================
Listing of running processes
===========================
Item Id: 300038194 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038194 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038194 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038195 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038195 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038195 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038765 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\run Value: undefined
Family Id: 750 Name: Ultimate Defender Category: Misc TAI:3
Item Id: 300015811 Value: Root: HKLM Path: software\ultimate defender
Item Id: 300015812 Value: Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\ultimate defender
Item Id: 300015814 Value: Root: HKLM Path: software\microsoft\windows\currentversion\run Value: ultimate defender
Item Id: 400001359 Value: Folder: C:\Program Files\ultimate defender
Item Id: 400001360 Value: Folder: D:\Documents and Settings\All Users\Menu Démarrer\Programmes\ultimate defender
Item Id: 400001958 Value: Folder: D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\Ultimate Defender
Family Id: 563 Name: Redirected hostfile entry Category: Misc TAI:4
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000263 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat mediaplex.com svid /
Item Id: 600000142 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat estat.com e /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com TestIfCookieP /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com pbw /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com pid /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com pbwmaj /
Item Id: 600000126 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat ehg-telecomitalia.hitbox.com DM56062648VEV6 /
Item Id: 600000126 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat hitbox.com CTG /
Item Id: 600000126 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat hitbox.com WSS_GW /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat weborama.fr AFFICHE_W /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat weborama.fr wbo_temps_reel /
Item Id: 600000173 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat bluestreak.com id /
Family Id: 1006 Name: Win32.TrojanDownloader.Agent Category: Virus TAI:10
Item Id: 70671 Value: File: C:\WINDOWS\system32\xlibgfl254.dll
Item Id: 300021291 Value: Root: HKLM Path: software\microsoft\tracing\fwcfg
Item Id: 300021307 Value: Root: HKLM Path: system\controlset001\services\ccevtmgr
Item Id: 300021311 Value: Root: HKLM Path: system\controlset001\services\symevent
Item Id: 300021312 Value: Root: HKLM Path: system\controlset001\services\symtdi
Item Id: 300021314 Value: Root: HKLM Path: system\currentcontrolset\services\ccevtmgr
Item Id: 300021318 Value: Root: HKLM Path: system\currentcontrolset\services\symevent
Item Id: 300021319 Value: Root: HKLM Path: system\currentcontrolset\services\symtdi
Item Id: 300021359 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321dt
Item Id: 300021360 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321id
Item Id: 300021361 Value: Root: HKLM Path: system\controlset001\control\securityproviders Value: SecurityProviders Data: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
Item Id: 300021362 Value: Root: HKLM Path: SYSTEM\ControlSet001\\control\securityproviders Value: SecurityProviders Data: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
Item Id: 300021362 Value: Root: HKLM Path: SYSTEM\ControlSet003\\control\securityproviders Value: SecurityProviders Data: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
Item Id: 300037854 Value: Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\ultra soft
Item Id: 300037855 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\run Value: spoolsv
Item Id: 300037862 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037863 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037864 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037865 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037866 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037867 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037868 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037869 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037870 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037871 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037872 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037873 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037874 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037875 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037876 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037877 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037878 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037878 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037878 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037879 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037879 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037879 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037880 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037880 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037880 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037881 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037881 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037881 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037882 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037882 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037882 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037883 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037883 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037883 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037884 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037884 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037884 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037885 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037885 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037885 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038581 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: bar23id
Item Id: 300038582 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: fversion2
Item Id: 300038583 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: suid
Item Id: 300038584 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: tssversion2
Item Id: 300038585 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: upd_version2
Item Id: 300038801 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\policies\explorer Value: nocontrolpanel
Item Id: 300038802 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\policies\microsoft\windows\windows update Value: noautoupdate
Item Id: 300038803 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\policies\microsoft\windows\windows update Value: nowindowsupdate
Item Id: 300038804 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\policies\microsoft\windows\windowsupdate\au Value: autoupdate
Item Id: 300038805 Value: Root: HKLM Path: software\microsoft\windows\currentversion\run Value: printer
Item Id: 300038812 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321dt
Item Id: 300038813 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321id
Item Id: 400001558 Value: Folder: D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\ultra
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: D:\Documents and Settings\PATRICK.1036948703146.001\Recent Count: 1
Item Id: 3 Value: MRU Registry Key: S-1-5-21-1717695627-1231886836-686846662-1006\Software\Microsoft\Internet Explorer\TypedURLs Count: 2
Items Ignored During Scan
===========================
Listing of running processes
===========================
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\atl.dll
c:\windows\system32\regapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wzcsvc.dll
c:\windows\system32\wmi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\esent.dll
c:\windows\system32\atl.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\rastls.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wininet.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\schannel.dll
c:\windows\system32\winscard.dll
c:\windows\system32\raschap.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\msidle.dll
c:\windows\system32\audiosrv.dll
c:\windows\system32\wkssvc.dll
c:\windows\system32\cryptsvc.dll
c:\windows\system32\certcli.dll
c:\windows\system32\es.dll
c:\windows\system32\ersvc.dll
c:\windows\system32\seclogon.dll
c:\windows\system32\netman.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\wzcsapi.dll
c:\windows\system32\srvsvc.dll
c:\windows\system32\hidserv.dll
c:\windows\system32\hid.dll
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
c:\windows\system32\trkwks.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\sens.dll
c:\windows\system32\wuauserv.dll
c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\w32time.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\browser.dll
c:\windows\system32\ipnathlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\wscsvc.dll
c:\windows\system32\msi.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\mtxclu.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\colbact.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\resutils.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\upnp.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\rasmans.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\rastapi.dll
c:\windows\system32\unimdm.tsp
c:\windows\system32\uniplat.dll
c:\windows\system32\unimdmat.dll
c:\windows\system32\modemui.dll
c:\windows\system32\kmddsp.tsp
c:\windows\system32\ndptsp.tsp
c:\windows\system32\ipconf.tsp
c:\windows\system32\h323.tsp
c:\windows\system32\hidphone.tsp
c:\windows\system32\rasppp.dll
c:\windows\system32\ntlsapi.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\rasdlg.dll
c:\windows\system32\wbem\ncprov.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\dssenh.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mspatcha.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\wups2.dll
c:\windows\system32\advpack.dll
c:\windows\system32\qmgr.dll
c:\windows\system32\mpr.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\catsrv.dll
c:\windows\system32\wbem\wbemcons.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\dnsrslvr.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\lmhsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\webclnt.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\secur32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ssdpsrv.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\winhttp.dll
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\spoolss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\localspl.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\netapi32.dll
c:\windows\system32\cnbjmon.dll
c:\windows\system32\pjlmon.dll
c:\windows\system32\tcpmon.dll
c:\windows\system32\usbmon.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\win32spl.dll
c:\windows\system32\netrap.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\inetpp.dll
c:\windows\system32\xpsp2res.dll
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\secur32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ati2edxx.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
C:\WINDOWS\EXPLORER.EXE
c:\wind
44 replies
Profile completely deleted!!! Yay! That feels good! It's great to have an answer to everything like that!
As for the antivirus, I have Norton, which came preinstalled on the computer, and we have the licence with the CD. We also have Avast just in case! In any case, we always install the antivirus and all that before going on the net.
As for my MP3 player, I have an Archos Gmini, which is a mini hard disk. It has a format function and a disk scan. I can run it. The only problem is that I have to plug it into a computer (and I had it plugged into mine all yesterday evening to recharge my battery... but nothing worrying happened) (My computer -> a laptop different from the one we are dealing with)
As for the Packard Bell, we bought it in 2006, so that is why I had this mystery... Before reformatting I am going to uninstall everything, remove everything for good and leave it as in its original state (after a factory format, basically) (so remove all the software and such installed to fight the virus). That way, after formatting, no more nasty surprises (normally)
Thank you, thank you! \o/
Perfect, it didn't hold out!
That's good, you have good reflexes :-)
Speaking of reflexes, I invite you to visit this site; the advice there is sound and accessible whatever your level of computer knowledge, and it will surely be useful to you.
http://securite-facile.ovh.org/humain.php
On the other hand, Norton and Avast, you said?
I hope they are not both installed at the same time, otherwise watch out for conflicts...
For your MP3 player, since it has already been connected to your other computer, couldn't you take the opportunity to scan its contents with an online AV, and possibly those of your second PC at the same time?
At least you would be sure that nothing worrying really happened...
Don't you think?
Right, if I understand correctly, it is in your next message that you will tell me whether the factory restore went well and whether everything works as before... There is no tangible reason for it to be otherwise!
Tsss.. :-P
See you later, and keep me posted!
Hello!!!!
Guess what??? Without wanting to jinx myself, I really think you are finally going to be able to get rid of me! :-P
I reformatted the computer and got back everything I had lost (sound, printer and so on). I put almost all the data back on it and there is no trace of a virus!
All that is left is to remove Norton and install Avast and that will be it!
I also ran an online scan of my laptop and my MP3 player -> No virus and no infected file in sight!
I think I have finally got rid of it! Yay! Just before Christmas, as planned!
Thank you again for everything, for your patience, your competence and all your advice. When I posted here, I admit I was no longer really hoping for a miracle. And today I have a computer that is all nice and clean! Phew!
So thank you, and I wish you a very happy Christmas Eve and a merry Christmas if you celebrate it!
meli-chan
Hello meli-chan!
Excellent!
I am sincerely happy for you; this is very, very good news.
No miracle, no; it is your perseverance that paid off right to the end!
For my part, I really enjoyed trying to help you out as far as I could, and your kindness and good humour had something to do with it! :-P
I wish you and yours very happy end-of-year holidays, and I do hope not to see you posting here again any time soon! :-P
See you, and happy surfing!
PS:
Avast... If English doesn't put you off, prefer Antivir to it: also free, but much more effective and responsive.
No contest between the two...