Sujet Précédent Sujet Suivant

Virus windows live messenger

Oxford trainee -  
 Oxford trainee -
Bonjour,
j'ai moi aussi été infecté par le virus de "l'album photo". Si quelqu'un peut m'aider... Un grand merci d'avance.
Voici le rapport de Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:36, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\DOCUME~1\PIERRO~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\mrofinu1148.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\PIERRO~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
A voir également:

31 réponses

  • 1
  • 2
Réponse 1 / 31
tristan07 Messages postés 899 Statut Membre 35
 
https://www.malekal.com/supprimer-virus-desinfecter-pc/ tout est expliqué
0
Réponse 2 / 31
Oxford trainee
 
Merci pour l'astuce.
Cependant, quand je lance MSNFix, il me fait bien un scan, mais se ferme au bout de 15 secondes. Est-ce que ça veut dire qu'il ne détecte rien? Et dans ce cas, qu'est ce que je dois faire?
Merci
0
Réponse 3 / 31
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

tu peux vérifier que tu n'as pas un rapport de MSNFix.

fais rechercher dans le poste de travail sur *.txt avec une date de modification 19 janvier 2008.

donne moi les noms complets de ce que tu as trouvé.
0
Réponse 4 / 31
Oxford trainee
 
Bonjour,
je n'ai pas de fichiers datant d'hier, mais j'en ai qui sont d'aujourd'hui. Voilà les noms que je trouve :
cookies.txt
dossier.txt
fichier.txt
upload.txt
svc.txt
Sinon, depuis une heure, avaast m'a signalé 2virus et un trojan, ce qu'il ne m'avait jamais fait jusqu'à présent. Je viens aussi de télécharger ad-aware qui vient de me trouver 10 virus et 7 objets malveillants....... Est-ce que je demande à les supprimer au risque de supprimer un fichier important, ou est-ce que je les mets juste en quarantaine?
Merci bcp de prêter ton attention à mon problème.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 31
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

mets en quarantaine et poste le rapport.

poste aussi celui de avast.
0
Réponse 6 / 31
Oxford trainee
 
re,
voici le rapport complet de ad-aware
suivra celui de avast

Scan Results
Ad-Aware 2007 Free Edition
Log File Created on:2008-01-2012:46:18
Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name:PIERRE
Name of user performing scan:SYSTEM
Name of user ordering scan:Pierrot et Clairette
Scan completed successfully

System Information
File Version Information
Ad-Aware 2007 Settings
Extended Ad-Aware 2007 Settings
Database Information
Scan Statistics
Scan Detailed Statistics
Infections Found
Listing of running processes
System Information
Number of processors:2
Processor type:Genuine Intel(R) CPU T2130 @ 1.86GHz
Memory Available:63%
Total Physical Memory:2012426240 Bytes
Available Physical Memory:1258487808 Bytes
Total Page File Size:4001804288 Bytes
Available On Page File:3374592000 Bytes
Total Virtual Memory:2147352576 Bytes
Available Virtual Memory:1979383808 Bytes
OS:Microsoft Windows XP 5.1 (Build 2600)
[to top]
File Verion Information
File Version
CEAPI.dll 7,0,2,6
aawservice.exe 7,0,2,6
Ad-Aware2007.exe 7.0.2.6
[to top]
Ad-Aware 2007 Settings
Skipping files larger than:1048576 Bytes
Ignoring infections with lower TAI than:3
Safe Mode:False
[to top]
Extended Ad-Aware 2007 Settings
Unload malicious processes and modules
Unload Modules
Let Windows remove files at Start-Up
Deactivate Ad-Watch
Re-analyze Scan Result
Delete Restored Items
Write Protect System Files
Create Log file
Include basic settings
Include advanced settings
Include user and computer name
Environment information
Running processes
Running processes and modules
Include info about ignored objects in log file
Consider definitions File Outdated after x days
Proxy URL
Proxy Port
[to top]
Database Info
Version number:44
Build Number:0
Build Date and Time:2008/01/1410:22:58
[to top]
Scan Statistics
Method:Full

Items Scanned:289627
Infections Detected:150
Infections Removed:0
Infections Quarantined:0
Infections Ignored:0
[to top]
Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 6 6
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 1 1
Folder Scan 1 1
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 139 139
File Hash Scan 3 3
[to top]
Infections Found
Family Id Name Category TAI
725 Tracking Cookie DataMiner 3
[600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat sfr.122.2o7.net s_vi /
[600000173] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat bluestreak.com id /
[600000179] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat atdmt.com AA002 /
[600000225] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat weborama.fr oo240953 /
[600000225] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat weborama.fr AFFICHE_W /
[600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat 2o7.net s_vi_x7Cbx7Fx7Ctcrdbeprx60acx7Eu /
[600000144] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat doubleclick.net id /
[600000171] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat bs.serving-sys.com eyeblaster /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com U /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com A2 /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com B2 /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com C3 /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com D3 /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com E2 /
[600000415] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt revsci.net NETSEGS_K05540 /
[600000415] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt revsci.net NETSEGS_C07584 /
[600000415] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt revsci.net NETID01 /
[600000415] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt revsci.net rsi_segs_1000000 /
[600000415] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt revsci.net rsi_cls_1000000 /
[600000144] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt doubleclick.net rsi_segs /
[600000144] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt doubleclick.net id /
[600000171] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt bs.serving-sys.com eyeblaster /
[600000408] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt serving-sys.com D3 /
[600000408] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt serving-sys.com C3 /
[600000408] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt serving-sys.com B2 /
[600000408] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt serving-sys.com U /
[600000408] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt serving-sys.com A2 /
[600000408] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt serving-sys.com E2 /
[600000001] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt smartadserver.com pid /
[600000001] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt smartadserver.com pbw /
[600000001] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt smartadserver.com pbwmaj /
[600000001] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt smartadserver.com TestIfCookieP /
[600000083] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 247realmedia.com RMFD /
[600000083] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 247realmedia.com RMID /
[600000234] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt tradedoubler.com TD_PIC /
[600000234] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt tradedoubler.com TD_UNIQUE_IMP /
[600000234] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt tradedoubler.com TD_EH_0 /
[600000234] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt tradedoubler.com TradeDoublerGUID /
[600000234] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt tradedoubler.com TD_POOL /
[600000187] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt advertising.com F1 /
[600000187] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt advertising.com ROLL /
[600000187] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt advertising.com ACID /
[600000187] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt advertising.com C2 /
[600000187] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt advertising.com BASE /
[600000173] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt bluestreak.com id /
[600000179] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt atdmt.com AA002 /
[600000085] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt questionmarket.com ES /
[600000085] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt questionmarket.com CS1 /
[600000295] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt adtech.de JEB2 /
[600000263] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt mediaplex.com svid /
[600000225] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt weborama.fr aimfarcapping /
[600000225] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt weborama.fr wous /
[600000225] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt weborama.fr AFFICHE_W /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_x7Exxcbx7Dhcbkkdnh /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_bzbx7Byokxxib /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_ex7Dex7Czznhx7Ehx60hl /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_gx7Fgx7Ejbjnx7Cx7Bx60x7Djix7D /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_ex7Dex7Cnhx7Ekx7Fhcne /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_cx7Bczx7Bydohjx7F /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 112.2o7.net s_vi_gjxxx7Ffbemymy /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_x7Cbx7Fx7Ctcrdbeprx60acx7Eu /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_zx7Cgnefkhe /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_bzbx7Bmfehkf /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_ex7Dex7Czzexxox7Ehx7Fx7B /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_ex7Dex7Chx60hlx7Eybx7Fh /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_x60xxx60ymemi /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_atamox7Ecaihem /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_ex7Dex7Chlx7Etoxxtx7Bx3F /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_bzbx7Bogoklxx /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt 2o7.net s_vi_cx7Bcznfnjccd /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt msnportal.112.2o7.net s_vi /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt ice.112.2o7.net s_vi /
[600000523] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt webstats4u.com w4u_cid_regiment /
[600000523] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt webstats4u.com w4u_cid_mcbdnt /
[600000523] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt webstats4u.com w4u_cid_toussaint /
[600000142] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt estat.com e /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt ad.yieldmanager.com ih /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt ad.yieldmanager.com pv1 /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt ad.yieldmanager.com fl_inst /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt ad.yieldmanager.com uid /
[600000201] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt media.adrevolver.com freq /adrevolver/
[600000201] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt adrevolver.com prefs /
[600000201] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt media.adrevolver.com BIGipServerar-slave /
[600000201] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt media.adrevolver.com uid /adrevolver/
[600000201] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt media.adrevolver.com adrevid /
[600000073] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt specificclick.net smk /
[600000073] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt specificclick.net dmc /
[600000073] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt specificclick.net dmk /
[600000073] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt specificclick.net smc /
[600000101] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt overture.com CMUserData /
[600000142] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt be.sitestat.com s1 /belgacom/skynet/
[600000142] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt be.sitestat.com c1 /belgacom/
[600000476] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt statcounter.com session_2213683 /
[600000476] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt statcounter.com session_2201126 /
[600000461] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt ad.uk.tangozebra.com TZID /s
[600000190] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1071629467/
[600000293] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt adviva.net ansv4_uid /
[600000142] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt int.sitestat.com s1 /touchplc/local/
[600000050] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt tribalfusion.com ANON_ID /
[600000190] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1063574342/
[600000190] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1062302391/
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt hotelscom.122.2o7.net s_vi /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt opodo.122.2o7.net s_vi /
[600000488] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt indextools.com itvisitorid10001265057056 /
[600000068] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt statse.webtrendslive.com ACOOKIE /
[600000119] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt kelkoo.fr kelkooCountry /
[600000119] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt kelkoo.fr kelkooID /
[600000142] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt www.addfreestats.com NC1U /cgi-bin
[600000138] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt fastclick.net adv_ic /
[600000138] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt fastclick.net pluto /
[600000095] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt perf.overture.com SYSTEM_USER_ID /
[600000447] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt apmebf.com S /
[600000447] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt apmebf.com LCLK /
[600000416] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt revenue.net Train0 /
[600000434] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt casalemedia.com CMX1 /
[600000434] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt casalemedia.com CMPP /
[600000434] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt casalemedia.com CMPH /
[600000434] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt casalemedia.com CMFP /
[600000434] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt casalemedia.com CMPS /
[600000434] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt casalemedia.com CMID /
[600000434] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt casalemedia.com CMS /
[600000412] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt searchportal.information.com Spusr /
[600000126] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt ehg-telecomitalia.hitbox.com DM56062648VEV6 /
[600000126] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt hitbox.com WSS_GW /
[600000190] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1068494144/
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt sfr.122.2o7.net s_vi /
[600000190] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1070869922/
[600000190] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1063480824/
[600000126] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt ehg-fxcm.hitbox.com DM540515HBSBV6 /
[600000126] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt ehg-fxcm.hitbox.com DM5507214MFBV6 /
[600000190] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1070434660/
[600000083] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt real.com __utma /
[600000083] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt real.com __utmz /
[600000083] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt real.com RNsites /
[600000083] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt real.com locin /
[600000083] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt real.com RNSeg /
[600000173] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt iv2.bluestreak.com IONVIEW_ID /
[600000190] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1071535024/
[600000457] Browser: Firefox Cookie: C:\Documents and Settings\Pierrot et Clairette\Application Data\Mozilla\Firefox\Profiles/hbxvype4.default\cookies.txt adopt.euroclick.com UI /

1006 Win32.TrojanDownloader.Agent Virus 10
[74574] File: C:\Documents and Settings\Pierrot et Clairette\Local Settings\Temporary Internet Files\Content.IE5\46HLIIK8\2c1dbeb1361cce3acfbbca0488dfd6ee[1].zip
[69803] File: C:\Documents and Settings\Pierrot et Clairette\Local Settings\Temporary Internet Files\Content.IE5\9LKABQQD\8154ff2675af1b6e0677560871425153[1].zip
[300021367] Root: HKLM Path: software\microsoft\windows\currentversion\run Value: runner1
[300027143] Root: HKLM Path: software\microsoft\windows\currentversion\run Value: runner1
[300037266] Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\outerinfo
[300038801] Root: HKU Path: S-1-5-21-1343024091-179605362-839522115-1003\software\microsoft\windows\currentversion\policies\explorer Value: nocontrolpanel
[700006832] File: C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
[400002414] Folder: C:\Program Files\InetGet2

1032 Win32.TrojanDownloader.Small Malware 7
[69832] File: C:\Documents and Settings\Pierrot et Clairette\Local Settings\Temporary Internet Files\Content.IE5\UFY0H0GB\718f466754402ac597de014577627f96[1].zip
[300028358] Root: HKCR Path: wr
[300029752] Root: HKLM Path: software\microsoft\windows\currentversion\run Value: runner1

Quarantined Objects
Family Id Name Category TAI
1006 Win32.TrojanDownloader.Agent Virus 10
[74574] File: C:\Documents and Settings\Pierrot et Clairette\Local Settings\Temporary Internet Files\Content.IE5\46HLIIK8\2c1dbeb1361cce3acfbbca0488dfd6ee[1].zip
[69803] File: C:\Documents and Settings\Pierrot et Clairette\Local Settings\Temporary Internet Files\Content.IE5\9LKABQQD\8154ff2675af1b6e0677560871425153[1].zip
[300021367] Root: HKLM Path: software\microsoft\windows\currentversion\run Value: runner1
[300027143] Root: HKLM Path: software\microsoft\windows\currentversion\run Value: runner1
[300037266] Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\outerinfo
[300038801] Root: HKU Path: S-1-5-21-1343024091-179605362-839522115-1003\software\microsoft\windows\currentversion\policies\explorer Value: nocontrolpanel
[700006832] File: C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
[400002414] Folder: C:\Program Files\InetGet2

1032 Win32.TrojanDownloader.Small Malware 7
[69832] File: C:\Documents and Settings\Pierrot et Clairette\Local Settings\Temporary Internet Files\Content.IE5\UFY0H0GB\718f466754402ac597de014577627f96[1].zip
[300028358] Root: HKCR Path: wr
[300029752] Root: HKLM Path: software\microsoft\windows\currentversion\run Value: runner1

Removed Objects
Family Id Name Category TAI
1006 Win32.TrojanDownloader.Agent Virus 10
[300021367] Root: HKLM Path: software\microsoft\windows\currentversion\run Value: runner1
[300037266] Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\outerinfo
[300038801] Root: HKU Path: S-1-5-21-1343024091-179605362-839522115-1003\software\microsoft\windows\currentversion\policies\explorer Value: nocontrolpanel
[74574] File: C:\Documents and Settings\Pierrot et Clairette\Local Settings\Temporary Internet Files\Content.IE5\46HLIIK8\2c1dbeb1361cce3acfbbca0488dfd6ee[1].zip
[69803] File: C:\Documents and Settings\Pierrot et Clairette\Local Settings\Temporary Internet Files\Content.IE5\9LKABQQD\8154ff2675af1b6e0677560871425153[1].zip
[700006832] File: C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
[400002414] Folder: C:\Program Files\InetGet2

1032 Win32.TrojanDownloader.Small Malware 7
[300028358] Root: HKCR Path: wr
[69832] File: C:\Documents and Settings\Pierrot et Clairette\Local Settings\Temporary Internet Files\Content.IE5\UFY0H0GB\718f466754402ac597de014577627f96[1].zip

725 Tracking Cookie DataMiner 3
[600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat sfr.122.2o7.net s_vi /
[600000173] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat bluestreak.com id /
[600000179] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat atdmt.com AA002 /
[600000225] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat weborama.fr oo240953 /
[600000225] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat weborama.fr AFFICHE_W /
[600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat 2o7.net s_vi_x7Cbx7Fx7Ctcrdbeprx60acx7Eu /
[600000144] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat doubleclick.net id /
[600000171] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat bs.serving-sys.com eyeblaster /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com U /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com A2 /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com B2 /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com C3 /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com D3 /
[600000408] Browser: Internet Explorer Cookie: C:\Documents and Settings\Pierrot et Clairette\Cookies\index.dat serving-sys.com E2 /

[to top]
Listing of Running Processes
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe
c:\windows\system32\ntdll.dll
C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\authz.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\nddeapi.dll
c:\windows\system32\profmap.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\regapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\msgina.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\ole32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\winscard.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ati2evxx.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\wlnotify.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wgalogon.dll
c:\windows\system32\samlib.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cscui.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\scesrv.dll
c:\windows\system32\authz.dll
c:\windows\system32\umpnpmgr.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\eventlog.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lsasrv.dll
c:\windows\system32\mpr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samsrv.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\msprivs.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\netlogon.dll
c:\windows\system32\w32time.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wdigest.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
c:\windows\system32\ipsecsvc.dll
c:\windows\system32\authz.dll
c:\windows\system32\oakley.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\pstorsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\psbase.dll
c:\windows\system32\dssenh.dll
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ati2edxx.dll
c:\windows\system32\atipdlxx.dll
c:\windows\system32\uxtheme.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\termsrv.dll
c:\windows\system32\icaapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\mstlsapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\atl.dll
c:\windows\system32\regapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wzcsvc.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\wmi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\esent.dll
c:\windows\system32\atl.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rastls.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\winscard.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\raschap.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\wzcsapi.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\msidle.dll
c:\windows\system32\audiosrv.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wkssvc.dll
c:\windows\system32\qmgr.dll
c:\windows\system32\mpr.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ersvc.dll
c:\windows\system32\cryptsvc.dll
c:\windows\system32\certcli.dll
c:\windows\system32\dmserver.dll
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
c:\windows\system32\es.dll
c:\windows\system32\srvsvc.dll
c:\windows\system32\seclogon.dll
c:\windows\system32\netman.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\trkwks.dll
c:\windows\system32\sens.dll
c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\w32time.dll
c:\windows\system32\wuauserv.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cabinet.dll
c:\windows\system32\mspatcha.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ipnathlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\colbact.dll
c:\windows\system32\mtxclu.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\resutils.dll
c:\windows\system32\browser.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\rasmans.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\upnp.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rastapi.dll
c:\windows\system32\unimdm.tsp
c:\windows\system32\uniplat.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\kmddsp.tsp
c:\windows\system32\ndptsp.tsp
c:\windows\system32\ipconf.tsp
c:\windows\system32\h323.tsp
c:\windows\system32\hidphone.tsp
c:\windows\system32\hid.dll
c:\windows\system32\rasppp.dll
c:\windows\system32\ntlsapi.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\rasdlg.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\dssenh.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wbem\ncprov.dll
c:\windows\system32\msi.dll
c:\windows\system32\advpack.dll
c:\windows\system32\mlang.dll
c:\windows\system32\xmlprovi.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\dnsrslvr.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\lmhsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\webclnt.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ssdpsrv.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\secur32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\winhttp.dll
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ati2edxx.dll
c:\windows\system32\atipdlxx.dll
c:\windows\system32\ati2evxx.dll
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\alwil software\avast4\aswupdsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\alwil software\avast4\aswcmns.dll
c:\program files\alwil software\avast4\aswcmnos.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcp71.dll
c:\windows\system32\msvcr71.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\program files\alwil software\avast4\aswcmnb.dll
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\alwil software\avast4\ashserv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\program files\alwil software\avast4\aswaux.dll
c:\windows\system32\msvcp71.dll
c:\windows\system32\msvcr71.dll
c:\program files\alwil software\avast4\aswcmnb.dll
c:\program files\alwil software\avast4\aswcmnos.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\program files\alwil software\avast4\aswengin.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\program files\alwil software\avast4\aswscan.dll
c:\program files\alwil software\avast4\aswcmns.dll
c:\windows\system32\oleaut32.dll
c:\program files\alwil software\avast4\ashbase.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\program files\alwil software\avast4\ashtask.dll
c:\program files\alwil software\avast4\aswinteg.dll
c:\program files\alwil software\avast4\aswidle.dll
c:\program files\alwil software\avast4\aavm4h.dll
c:\windows\system32\dbghelp.dll
c:\program files\alwil software\avast4\french\base.dll
c:\program files\alwil software\avast4\unacev2.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\program files\alwil software\avast4\ahresmai.dll
c:\program files\alwil software\avast4\ahresmes.dll
c:\program files\alwil software\avast4\ahresns.dll
c:\program files\alwil software\avast4\ahresout.dll
c:\program files\alwil software\avast4\ahresp2p.dll
c:\program files\alwil software\avast4\ahresstd.dll
c:\program files\alwil software\avast4\ahresws.dll
c:\program files\alwil software\avast4\ashssqlt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\icmp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\perfos.dll
c:\program files\alwil software\avast4\aswres.dll
c:\windows\system32\secur32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\atl.dll
c:\windows\system32\userenv.dll
c:\windows\system32\setupapi.dll
C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\browseui.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\userenv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\themeui.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\atl.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\winsta.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\midimap.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\wzcsapi.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\browselc.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\zipfldr.dll
c:\program files\alwil software\avast4\ashshell.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\mydocs.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\netui0.dll
c:\windows\system32\netui1.dll
c:\windows\system32\netrap.dll
c:\windows\system32\samlib.dll
c:\windows\system32\davclnt.dll
c:\program files\windows live\messenger\fsshext.8.5.1302.1018.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
c:\windows\system32\shgina.dll
c:\windows\system32\msgina.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\cabinet.dll
c:\program files\openoffice.org 2.3\program\shlxthdl.dll
c:\program files\openoffice.org 2.3\program\uwinapi.dll
c:\program files\openoffice.org 2.3\program\msvcr71.dll
c:\program files\openoffice.org 2.3\program\stlport_vc7145.dll
c:\program files\openoffice.org 2.3\program\msvcp71.dll
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
c:\program files\microsoft office\office12\msohevi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\actxprxy.dll
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\spoolss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\localspl.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\netapi32.dll
c:\windows\system32\cnbjmon.dll
c:\windows\system32\pjlmon.dll
c:\windows\system32\tcpmon.dll
c:\windows\system32\usbmon.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\win32spl.dll
c:\windows\system32\netrap.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\inetpp.dll
c:\windows\system32\xpsp2res.dll
C:\PROGRA~1\ALWILS~1\AVAST4\ASHDISP.EXE
c:\progra~1\alwils~1\avast4\ashdisp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\progra~1\alwils~1\avast4\aswcmnos.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcp71.dll
c:\windows\system32\msvcr71.dll
c:\windows\syst
0
Réponse 7 / 31
Oxford trainee
 
hum,
est ce que je peux avoir un rapport d'avast autrement qu'en attendant la fin d'un scan complet? notamment le rapport de ce qu'il y a en quarantaine?
Merci
0
Réponse 8 / 31
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

vide la quarantaine d'ad aware.

pour avast, non, on attend la fin.
0
Réponse 9 / 31
Oxford trainee
 
Voici donc le contenu de la quarantaine d'avast

fichier infecté localisation d'origine Virus
b104.exe C:\WINDOWS Win32:Trojan-gen [other]
b138.exe C:\WINDOWS Win32:Trojan-gen [other]
b151.exe C:\WINDOWS Win32:Agent-PQR [Trj]
TTC.dll C:\Program Files Win32:Adloader-KH [Trj]
virus2.com C:\WINDOWS\system32 EICAR Test-NOT virus!!

Le dernier vient sûrement du fait que j'ai lancé PC SECURITY TEST. Voilà, merci d'avance.
0
Réponse 10 / 31
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

tu peux vider aussi la quarantaine d'avast.

remets un rapport hijackthis.
0
Réponse 11 / 31
Oxford trainee
 
re, je sais vraiment pas comment tu fais pour t'y retrouver dans tant de bazar, lol, mais voici le nouveau rapport hijackthis (il scan en 10sec, c normal?je trouve ç rapide...). Merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:36, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\DOCUME~1\PIERRO~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\system32\E0E0E0E4E9E3ECE.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ED7259EB-14F0-4880-ACE2-3742F32FA7BF} - C:\Program Files\Windows Media Player\meqocadonC:\DOCUME~1\PIERRO~1\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\PIERRO~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [050505090E0811110] E0E0E0E4E9E3ECE.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 12 / 31
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
re,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
0
Réponse 13 / 31
Oxford trainee
 
re,
voici déjà le rapport SDFix. Par contre, au redémarrage, j'ai une fenêtre Windows qui me dit : "Des fichiers nécessaires au fonctionnement de windows ont étéremplacés par des fichiers d'une version non reconnue. Pour maintenir la stabilité du système, Windows doit restaurer la version originale de ces fichiers." Que faire??? merci

SDFix: Version 1.129

Run by Pierrot et Clairette on 20/01/2008 at 15:42

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\PIERRO~1\Bureau\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\DOCUME~1\PIERRO~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\b14?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted

Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Temporary - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 15:47:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D\n\21]
"DisplayName"="\xb973\x778e"
"DeviceDesc"="\xb973\x778e"
"ProviderName"="\x27fc\21\xee18\x7c91\x286c\21\b"
"MFG"="\xc1bf\b\xe12b\x1803\x684"
"ReinstallString"=".10.1000.6"
"DeviceInstanceIds"=str(7):"c:\documents and settings\pierrot et clairette\bureau\vga_xp32_070824\sbdrv\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\DOCUME~1\\PIERRO~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\PIERRO~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Disabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\PIERRO~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT5.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT8.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITC.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT4.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT9.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT6.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BITB.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT7.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITA.tmp"

Finished!
0
Réponse 14 / 31
Oxford trainee
 
... et le rapport hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:00, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\E0E0E0E4E9E3ECE.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ED7259EB-14F0-4880-ACE2-3742F32FA7BF} - C:\Program Files\Windows Media Player\meqocadonC:\DOCUME~1\PIERRO~1\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [050505090E0811110] E0E0E0E4E9E3ECE.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 15 / 31
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

========================================
->Affiche tous les fichiers et dossiers :
clique sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage

[Coche] « afficher les dossiers et fichiers cachés »

[Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

[Décoche] « masquer les extensions dont le type est connu »

Puis fais [appliquer] pour valider les changements.

Et [Ok]
========================================

1) Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\E0E0E0E4E9E3ECE.exe

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

2) Relance HijackThis.

Choisis Do a scan only

Coche la case devant les lignes suivantes

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ED7259EB-14F0-4880-ACE2-3742F32FA7BF} - C:\Program Files\Windows Media Player\meqocadonC:\DOCUME~1\PIERRO~1\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O4 - HKLM\..\Run: [050505090E0811110] E0E0E0E4E9E3ECE.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
Inconnu
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
Inconnu
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')

Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.

Clique sur fix checked.

Ferme Hijackthis.
0
Réponse 16 / 31
Matt0013 Messages postés 117 Statut Membre
 
Salut Lyonnais92 desolé de poster ici, tu as le temps pour qu'on finisse notre manip?
0
Réponse 17 / 31
Oxford trainee
 
re,
Voilà le rapport de virustotal

Fichier 2128272B2C2B2.EXE reçu le 2008.01.15 17:16:31 (CET)
Situation actuelle: terminé
Résultat: 4/32 (12.50%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - Trojan-Spy.Win32.Banbra.z
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.EPO.gen (suspicious)
Information additionnelle
MD5: 2a51f6176a685c3205f6ca5d1220d0fe
SHA1: c6cee85fcbc65799fae36d2d1cf64f78cf831034
SHA256: cca35f16bec27aee5ea76335646b96c2fe454d08ec1f278b7c10d46de98c2eab
SHA512: 729007133a95c230ecbda29452ccd6177a98459b1adb810eba2436d7b0aa992d c509bf5e1529c7bcdef963ecc55b70ee07e4e551cd19e8ead6aeaa20c12f74a8
0
Réponse 18 / 31
Oxford trainee
 
re,
ça y est, tout est fait comme tu me l'as demandé. Qu'est ce que je dois faire maintenant? Et qu'est ce je dois penser de la fenetre windows dont je t'ai parlé?
Merci
0
Réponse 19 / 31
Oxford trainee
 
re-bonjour,
je ne sais pas si mon histoire de virus est résolue, mais du coup, le message de windows concernant les fichiers qui risquent de rendre le système moins stable s'affiche chaque fois que j'allume mon pc, même lorsque je mets les cd service pack 2 pour qu'il y remédie...
Y a-t-il autre chose à faire? je commence un peu à désespérer, ça m'embête d'en arriver là, mais s'il le faut, je vais reformater le disque dur.
Merci
0
Réponse 20 / 31
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

remets un rapport hijackthis.

au pire on fera une réparation de Windows.

On ne te donne pas la liste des fichiers remplacés ?

0

Discussions similaires

impossible d envoyer message a un contact sans être bloquée
vic -
bazfile -

1 réponse