Win32:tratHBO help!!!
Closed
v1n3ss0
Posts
68
Registration date
Monday 21 January 2008
Status
Member
Last activity
11 July 2012
-
25 Jan. 2008 at 19:40
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 - 26 Jan. 2008 at 07:51
7 replies
g!rly
Posts
18209
Registration date
Friday 17 August 2007
Status
Contributor
Last activity
30 November 2014
406
25 Jan. 2008 at 19:45
Hi v1n3ss0.
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is finished, a report will appear. Copy/paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
See you
v1n3ss0
Posts
68
Registration date
Monday 21 January 2008
Status
Member
Last activity
11 July 2012
10
25 Jan. 2008 at 20:06
Here is the ComboFix report. Thanks a lot for your help!!
ComboFix 08-01-23.1C - Wesh ! 2008-01-25 19:52:10.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.59 [GMT 1:00]
Endroit: C:\Documents and Settings\Wesh !\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\ijllm.ini2
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\RCX25.tmp
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.
2008-01-25 19:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 16:36 . 2008-01-24 16:36 331,776 --a------ C:\WINDOWS\system32\ssqpp.VIR
2008-01-22 13:36 . 2007-01-23 19:02 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-21 22:15 . 2008-01-21 22:15 <REP> d-------- C:\Program Files\Avira
2008-01-21 21:43 . 2008-01-21 21:43 <REP> d-------- C:\Program Files\Trend Micro
2008-01-21 21:26 . 2008-01-21 21:26 334,848 --a------ C:\WINDOWS\system32\mllji.VIR
2008-01-21 20:43 . 2008-01-21 20:44 <REP> d-------- C:\Program Files\Panda Security
2008-01-13 00:20 . 2008-01-13 00:20 39,936 --------- C:\WINDOWS\system32\xxywtur.dll
2008-01-12 20:21 . 2008-01-22 21:45 39,936 --a------ C:\WINDOWS\system32\NTSpool.exe
2008-01-12 20:21 . 2008-01-12 20:24 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-01-09 11:47 . 2008-01-24 14:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-09 11:47 . 2008-01-09 11:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-04 00:04 . 2008-01-04 00:04 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-02 21:27 . 2008-01-03 01:09 <REP> d-------- C:\Program Files\Free Easy Burner
2008-01-02 21:27 . 2000-11-29 00:07 307,200 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-01-02 21:27 . 2006-11-18 10:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-01-02 21:27 . 1998-07-12 21:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-01-02 21:27 . 1999-03-25 17:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-01-02 21:27 . 2003-04-18 14:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-01-02 21:27 . 2003-04-18 14:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-01-02 21:27 . 1998-07-13 16:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-01-02 21:27 . 2003-01-26 11:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-01-02 21:27 . 1998-07-12 17:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-01-02 21:27 . 1998-07-12 21:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-01-02 20:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-02 20:46 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-02 20:46 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-02 20:46 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-28 18:14 . 2007-12-28 18:14 <REP> d-------- C:\Program Files\On2 Technologies
2007-12-28 18:14 . 2004-08-30 13:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-28 18:14 . 2004-08-30 13:23 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2007-12-28 18:14 . 2004-08-30 13:26 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2007-12-28 18:11 . 2007-12-28 18:11 <REP> d-------- C:\Program Files\Matroska Pack
2007-12-28 18:10 . 2007-12-28 18:10 <REP> d-------- C:\Program Files\XviD
2007-12-28 18:10 . 2007-12-28 18:10 <REP> d-------- C:\Program Files\x264
2007-12-28 18:10 . 2007-12-28 18:10 421,394 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-12-28 18:09 . 2008-01-02 21:43 10,022 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-28 18:09 . 2008-01-02 21:43 56 -r-hs---- C:\WINDOWS\system32\E5DFE12874.sys
2007-12-28 18:08 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-28 18:06 . 2007-12-28 18:06 <REP> d-------- C:\Program Files\Ripp-It Codec Pack
2007-12-28 18:00 . 2007-12-28 18:00 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-28 17:59 . 2008-01-02 22:55 <REP> d-------- C:\Program Files\Ripp-it_AM
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 18:56 --------- d-----w C:\Program Files\iTunes
2008-01-25 18:56 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-25 16:22 --------- d-----w C:\Program Files\Webtarot
2008-01-24 19:08 --------- d-----w C:\Program Files\MSN Messenger
2008-01-22 13:13 --------- d-----w C:\Program Files\QuickTime
2008-01-21 18:50 --------- d-----w C:\Program Files\eMule
2007-12-28 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 17:09 --------- d-----w C:\Program Files\DivX
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
.
[code]<pre>
----a-w 39,792 2008-01-23 18:02:15 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 249,896 2008-01-23 18:02:20 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w 171,464 2008-01-23 18:02:47 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 185,632 2008-01-23 18:02:12 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w 68,856 2008-01-23 18:02:30 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 267,064 2008-01-23 18:02:15 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-23 18:02:17 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2008-01-24 10:18:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 5,674,352 2008-01-23 01:42:57 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 15,360 2007-01-23 18:02:25 C:\WINDOWS\system32\ctfmon .exe
----a-w 131,072 2008-01-23 18:02:11 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBEE .EXE
</pre>[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F1CE1D3-7143-4BB1-80A3-0190A52CDF48}]
2008-01-13 00:20 39936 --------- C:\WINDOWS\system32\xxywtur.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D82B18D2-FB7A-4828-BB60-EDF46F7A9431}]
C:\WINDOWS\system32\mllji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F38CEF60-147C-405C-BB01-039502DBAB69}]
C:\WINDOWS\system32\ssqpp.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-23 22:15 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
C:\Documents and Settings\Wesh !\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe
"System Patcher"= BTCPatcher.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3F1CE1D3-7143-4BB1-80A3-0190A52CDF48}"= C:\WINDOWS\system32\xxywtur.dll [2008-01-13 00:20 39936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywtur]
xxywtur.dll 2008-01-13 00:20 39936 C:\WINDOWS\system32\xxywtur.dll
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-20 10:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 19:58:55
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-01-25 20:03:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 19:02:51
.
2008-01-22 12:54:29 --- E O F ---
g!rly
Posts
18209
Registration date
Friday 17 August 2007
Status
Contributor
Last activity
30 November 2014
406
25 Jan. 2008 at 20:17
re,
firewall: Kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
or ZoneAlarm, easier to configure but less effective
http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html
Copy the text below:
File::
C:\WINDOWS\system32\xxywtur.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\mllji.VIR
C:\WINDOWS\system32\NTSpool.exe
C:\WINDOWS\system32\rar.exe
C:\WINDOWS\system32\ssqpp.VIR
C:\WINDOWS\system32\BTCPatcher.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F1CE1D3-7143-4BB1-80A3-0190A52CDF48}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D82B18D2-FB7A-4828-BB60-EDF46F7A9431}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F38CEF60-147C-405C-BB01-039502DBAB69}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"=-
"System Patcher"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3F1CE1D3-7143-4BB1-80A3-0190A52CDF48}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywtur]
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no reboot, post the reports anyway.
See you
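The reply above acts on the "Point de chargement Reg" section of the first log (a DLL registered as a browser helper object, a ShellExecute hook and a Winlogon notify package at once, plus two bare executables under policies\explorer\run) and turns those findings into a CFScript. The script below, added here as an example and not ComboFix's or the forum's own code, automates that triage: it parses a log excerpt constructed from the entries visible in the thread, flags only the load-point types the reply targeted (ordinary Run keys such as CTFMON.EXE are left alone), counts how many load points share one file, and drafts a CFScript in the same File::/Registry:: form, where `[-key]` deletes a key and `"name"=-` deletes a single value (REGEDIT4 syntax). It assumes, as the reply did, that bare names under policies\explorer\run live in C:\WINDOWS\system32; the `Finding` class, the regexes and the `SYSTEM32` constant are this example's own.

```python
"""Triage the registry load points in a ComboFix log and draft the matching CFScript.

Added example, not ComboFix's or the forum's own code. SAMPLE_LOG is constructed
from the entries shown in the thread; a real ComboFix report is much wider.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F1CE1D3-7143-4BB1-80A3-0190A52CDF48}]
2008-01-13 00:20 39936 --------- C:\WINDOWS\system32\xxywtur.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D82B18D2-FB7A-4828-BB60-EDF46F7A9431}]
C:\WINDOWS\system32\mllji.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe
"System Patcher"= BTCPatcher.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3F1CE1D3-7143-4BB1-80A3-0190A52CDF48}"= C:\WINDOWS\system32\xxywtur.dll [2008-01-13 00:20 39936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywtur]
xxywtur.dll 2008-01-13 00:20 39936 C:\WINDOWS\system32\xxywtur.dll
"""

# Assumed location for bare file names, as the thread's CFScript assumed too.
SYSTEM32 = "C:\\WINDOWS\\system32\\"

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]+?)"?\s*(\[[^\]]*\])?\s*$')  # "name"=value [stamp]
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys)\b", re.IGNORECASE)
STAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}")  # ComboFix's "date time size" stamp


@dataclass
class Finding:
    key: str
    name: Optional[str]   # value name, or None when the key itself is the load point
    path: str
    reason: str


def classify(key: str) -> Optional[str]:
    """Return why a load point deserves review, or None for ordinary Run keys."""
    k = key.lower()
    if "winlogon\\notify" in k:
        return "Winlogon notify package: DLL loaded into winlogon.exe at logon"
    if "policies\\explorer\\run" in k:
        return "policies\\explorer\\run autostart, almost never used by legitimate installers"
    if "shellexecutehooks" in k:
        return "ShellExecute hook: DLL loaded into explorer.exe"
    if "browser helper objects" in k:
        return "browser helper object: DLL loaded into Internet Explorer"
    return None


def resolve(value: str) -> str:
    """Absolute paths pass through; bare names are assumed to live in system32."""
    return value if re.match(r"[A-Za-z]:\\", value) else SYSTEM32 + value


def analyze(log: str) -> List[Finding]:
    """Walk the REGEDIT4-style section and collect the entries worth acting on."""
    findings: List[Finding] = []
    key, reason = None, None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            reason = classify(key)
            continue
        if key is None or reason is None:
            continue                       # not a load point this triage targets
        m = VALUE_RE.match(line)
        if m:
            findings.append(Finding(key, m.group(1), resolve(m.group(2).strip()), reason))
            continue
        m = PATH_RE.search(line)           # bare path lines (BHO, Winlogon notify)
        if m:
            note = reason if STAMP_RE.search(line) else reason + "; no timestamp/size shown for the file"
            findings.append(Finding(key, None, m.group(0), note))
    return findings


def shared_paths(findings: List[Finding]) -> Dict[str, int]:
    """How many load points reference each file; one DLL hooked in several places is a strong signal."""
    counts: Dict[str, int] = {}
    for fd in findings:
        counts[fd.path] = counts.get(fd.path, 0) + 1
    return counts


def draft_cfscript(findings: List[Finding]) -> str:
    """Emit a CFScript like the thread's: File:: paths, then [-key] / "name"=- deletions."""
    lines = ["File::", *sorted({fd.path for fd in findings}, key=str.lower), "", "Registry::"]
    by_key: Dict[str, List[Finding]] = {}
    for fd in findings:
        by_key.setdefault(fd.key, []).append(fd)
    for key, items in by_key.items():
        if all(fd.name is None for fd in items):
            lines.append(f"[-{key}]")      # the whole key is the load point: delete it
        else:
            lines.append(f"[{key}]")       # keep the key, delete only the flagged values
            lines.extend(f'"{fd.name}"=-' for fd in items)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for fd in found:
        print(f"{fd.path}  <- {fd.key}  ({fd.reason})")
    print("\nreferenced from several load points:",
          {p: n for p, n in shared_paths(found).items() if n > 1})
    print("\n" + draft_cfscript(found))
```

Run as-is, the draft lists the same eight-path/five-key shape as the reply's script, minus the two .VIR files, which ComboFix reported in the "Fichiers créés" section rather than as load points; extending the parser to that section is the natural next step. Treat the output as a draft to review, not to apply blindly: a DLL registered under three load points is a strong signal, but a single BHO with full metadata may well be a legitimate toolbar.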
v1n3ss0
Posts
68
Registration date
Monday 21 January 2008
Status
Member
Last activity
11 July 2012
10
25 Jan. 2008 at 21:10
The new ComboFix report
ComboFix 08-01-23.1C - Wesh ! 2008-01-25 20:46:13.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.74 [GMT 1:00]
Endroit: C:\Documents and Settings\Wesh !\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Wesh !\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE
C:\WINDOWS\system32\BTCPatcher.exe
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mllji.VIR
C:\WINDOWS\system32\NTSpool.exe
C:\WINDOWS\system32\rar.exe
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.VIR
C:\WINDOWS\system32\xxywtur.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\mllji.VIR
C:\WINDOWS\system32\NTSpool.exe
C:\WINDOWS\system32\rar.exe
C:\WINDOWS\system32\ssqpp.VIR
C:\WINDOWS\system32\xxywtur.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.
2008-01-25 20:27 . 2008-01-25 20:27 <REP> d-------- C:\Program Files\Kerio
2008-01-25 19:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 13:36 . 2007-01-23 19:02 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-21 22:15 . 2008-01-21 22:15 <REP> d-------- C:\Program Files\Avira
2008-01-21 21:43 . 2008-01-21 21:43 <REP> d-------- C:\Program Files\Trend Micro
2008-01-21 20:43 . 2008-01-21 20:44 <REP> d-------- C:\Program Files\Panda Security
2008-01-09 11:47 . 2008-01-24 14:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-09 11:47 . 2008-01-09 11:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-04 00:04 . 2008-01-04 00:04 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-02 21:27 . 2008-01-03 01:09 <REP> d-------- C:\Program Files\Free Easy Burner
2008-01-02 21:27 . 2000-11-29 00:07 307,200 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-01-02 21:27 . 2006-11-18 10:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-01-02 21:27 . 1998-07-12 21:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-01-02 21:27 . 1999-03-25 17:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-01-02 21:27 . 2003-04-18 14:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-01-02 21:27 . 2003-04-18 14:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-01-02 21:27 . 1998-07-13 16:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-01-02 21:27 . 2003-01-26 11:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-01-02 21:27 . 1998-07-12 17:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-01-02 21:27 . 1998-07-12 21:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-01-02 20:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-02 20:46 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-02 20:46 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-02 20:46 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-28 18:14 . 2007-12-28 18:14 <REP> d-------- C:\Program Files\On2 Technologies
2007-12-28 18:14 . 2004-08-30 13:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-28 18:14 . 2004-08-30 13:23 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2007-12-28 18:14 . 2004-08-30 13:26 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2007-12-28 18:11 . 2007-12-28 18:11 <REP> d-------- C:\Program Files\Matroska Pack
2007-12-28 18:10 . 2007-12-28 18:10 <REP> d-------- C:\Program Files\XviD
2007-12-28 18:10 . 2007-12-28 18:10 <REP> d-------- C:\Program Files\x264
2007-12-28 18:10 . 2007-12-28 18:10 421,394 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-12-28 18:09 . 2008-01-02 21:43 10,022 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-28 18:09 . 2008-01-02 21:43 56 -r-hs---- C:\WINDOWS\system32\E5DFE12874.sys
2007-12-28 18:08 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-28 18:06 . 2007-12-28 18:06 <REP> d-------- C:\Program Files\Ripp-It Codec Pack
2007-12-28 18:00 . 2007-12-28 18:00 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-28 17:59 . 2008-01-02 22:55 <REP> d-------- C:\Program Files\Ripp-it_AM
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 18:56 --------- d-----w C:\Program Files\iTunes
2008-01-25 18:56 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-25 16:22 --------- d-----w C:\Program Files\Webtarot
2008-01-24 19:08 --------- d-----w C:\Program Files\MSN Messenger
2008-01-22 13:13 --------- d-----w C:\Program Files\QuickTime
2008-01-21 18:50 --------- d-----w C:\Program Files\eMule
2007-12-28 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 17:09 --------- d-----w C:\Program Files\DivX
.
[code]<pre>
----a-w 39,792 2008-01-23 18:02:15 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 249,896 2008-01-23 18:02:20 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w 171,464 2008-01-23 18:02:47 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 185,632 2008-01-23 18:02:12 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w 68,856 2008-01-23 18:02:30 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 267,064 2008-01-23 18:02:15 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-23 18:02:17 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2008-01-24 10:18:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 5,674,352 2008-01-23 01:42:57 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 15,360 2007-01-23 18:02:25 C:\WINDOWS\system32\ctfmon .exe
----a-w 131,072 2008-01-23 18:02:11 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBEE .EXE
</pre>[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-25_20.02.21.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 18:50:31 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-25 19:45:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-25 18:50:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-25 19:45:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-25 18:50:31 3,256,320 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
+ 2008-01-25 19:45:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
- 2008-01-25 18:50:32 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-25 19:45:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-25 18:50:32 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
+ 2008-01-25 19:45:43 3,268,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
- 2008-01-25 18:50:32 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-25 19:45:43 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2004-04-15 10:02:56 147,456 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-23 22:15 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
C:\Documents and Settings\Wesh !\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-04-15 11:02]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-20 10:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 21:03:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-01-25 21:08:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 20:08:12
ComboFix2.txt 2008-01-25 19:03:00
.
2008-01-22 12:54:29 --- E O F ---
The HJT report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:12, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
g!rly
Posts
18209
Registration date
Friday 17 August 2007
Status
Contributor
Last activity
30 November 2014
406
25 Jan. 2008 at 21:22
ok
that's much better, Avira must have calmed down, no?
now:
you browse with Internet Explorer 6.0 = major security holes
so run Windows Update: you want version 7.0
and why not browse with Firefox? = safer, while keeping IE 7.0 for Windows updates, since they can't be done under Firefox
http://www.firefox.fr/
your version of Acrobat Reader is out of date, you want version 8.1, the latest, so uninstall your version via Control Panel / Add or Remove Programs
and install the latest:
https://get2.adobe.com/reader/otherversions/
or Foxit, which is lighter:
https://www.clubic.com/telecharger-fiche13808-foxit-reader.html
anti-spyware:
SpywareBlaster:
http://www.brightfort.com/spywareblaster.html
it's a resident, you just need to update it from time to time because the free version doesn't do it by itself; once installed and updated, set all the protections to "enable"
tutorial: http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm
also download this anti-spyware, it also has a resident, TeaTimer:
Spybot:
http://www.commentcamarche.net/telecharger/telecharger 122 spybot
http://www.safer-networking.org/fr/faq/33.html
SpywareGuard:
https://www.zebulon.fr/dossiers/securite/47-spywareguard.html
all three are complementary, so if you want, you can install all of them...
then I'd like you to do a full scan of your machine with AntiVir
with the following settings:
once AntiVir is open, click on Configuration and tick the "expert mode" box, then on the Scanner tab in the window below you'll see: rootkit search; click on the little + to expand it and tick the box next to your hard disk
then click on Configuration at the top right, then in the new window on the left > Scanner > scan all files and below > scanner priority = High
still on the left > Scan > expand > heuristics > macrovirus heuristic = ticked and below > win32 heuristic box ticked and high detection level
post the AntiVir report please
@+
v1n3ss0
Posts
68
Registration date
Monday 21 January 2008
Status
Member
Last activity
11 July 2012
10
25 Jan. 2008 at 23:38
Here is the AntiVir report. Apparently there is still quite a lot to clean up. Awaiting instructions... Good night
AntiVir PersonalEdition Classic
Report file date: vendredi 25 janvier 2008 21:45
Scanning for 1067417 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: WESH-39DA78910D
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 21:19:56
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:19:57
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 21:19:57
ANTIVIR3.VDF : 7.0.2.43 376832 Bytes 24/01/2008 21:15:13
AVEWIN32.DLL : 7.6.0.53 3211776 Bytes 24/01/2008 21:15:13
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 21/01/2008 21:19:57
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: vendredi 25 janvier 2008 21:45
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '17' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\QuickTime\qttask.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '480e59d5.qua'!
C:\QooBox\Quarantine\catchme2008-01-25_210323.31.zip
[0] Archive type: ZIP
--> xxywtur.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480e5dff.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '48005e18.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mllji.VIR.vir
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '48065e13.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX25.tmp.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '47f25dec.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqpp.VIR.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480b5e1e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xxywtur.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '48135e26.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP115\A0009646.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e0d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP117\A0009692.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e0f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP122\A0009927.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e16.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010031.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '47ca5e1b.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010032.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '46a4092c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010033.exe
[DETECTION] Is the Trojan horse TR/Drop.Age.1499136
[INFO] The file was moved to '47ca5e1d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010034.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '47ca5e1c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010035.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWL.1
[INFO] The file was moved to '46a4092d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010036.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWL.1
[INFO] The file was moved to '47ca5e1e.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010037.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '46a4092e.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010038.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWL.1
[INFO] The file was moved to '47ca5e1f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010039.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '46a40910.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010040.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '47ca5e21.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010041.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '46a4092f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010042.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '47ca5e00.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010043.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWL.1
[INFO] The file was moved to '46a40931.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010044.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '47ca5e02.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010045.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '46a40912.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010046.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '47ca5e23.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010047.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '46a40914.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010048.dll
[DETECTION] Is the Trojan horse TR/Vundo.DNL
[INFO] The file was moved to '47ca5e25.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010049.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '47ca5e20.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010050.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.22
[INFO] The file was moved to '46a40911.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010061.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a40916.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010063.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e27.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010064.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a40918.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010065.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e22.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010066.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a40913.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010067.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e29.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010068.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a4091a.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010069.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2b.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP123\A0010075.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e24.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010094.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e26.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010095.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478cf.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010096.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478c0.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010097.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478c2.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010098.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478c4.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010099.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e28.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010101.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478c1.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010102.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2a.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010103.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010115.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010123.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '46a478c6.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010181.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010182.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d8.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010183.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e30.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010184.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d9.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010185.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e32.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010186.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e31.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010187.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478da.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010188.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e33.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010189.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478db.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010192.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.8
[INFO] The file was moved to '47ca5e34.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010202.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478dc.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010222.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e36.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010224.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478df.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010225.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e08.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010226.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e37.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010227.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d0.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010228.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e39.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010229.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e38.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010230.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d1.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010231.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d2.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010232.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '47ca5e3b.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010243.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e3a.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010299.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hva
[INFO] The file was moved to '46a478d4.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010304.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e3c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010305.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d5.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010340.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e3d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP126\A0010374.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hva
[INFO] The file was moved to '47ca5e3f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP126\A0010404.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e45.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010408.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e46.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010409.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e47.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010410.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a0.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010411.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e49.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010412.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a2.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010413.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e48.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010414.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a1.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010415.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e4a.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010416.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hva
[INFO] The file was moved to '46a478a3.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010417.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e4b.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010418.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a4.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010419.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e4d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010420.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '46a478a6.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010421.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e4c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010422.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478a5.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010423.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e4e.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010424.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e4f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010425.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478b8.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP129\A0010488.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e50.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP129\A0010532.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e51.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: vendredi 25 janvier 2008 23:19
Used time: 1:33:28 min
The scan has been done completely.
5310 Scanning directories
314788 Files were scanned
98 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
98 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
314690 Files not concerned
1903 Archives were scanned
3 Warnings
0 Notes
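The report above lists 98 detections, but only one of them, C:\Program Files\QuickTime\qttask.exe, is on the live file system; every other hit is a copy inside ComboFix's own quarantine folder (C:\QooBox\Quarantine) or inside a System Restore point (C:\System Volume Information\_restore{...}), which is why Avira re-detects files ComboFix had already removed. The Python script below is an added example written for this thread; it is not part of the original post, of Avira or of ComboFix. It parses a report in this format, splits detections by location, groups them by family and lists the files that could not be scanned. The three category labels, the family-prefix heuristic (TR/Vundo.DWK becomes TR/Vundo) and the embedded log excerpt (lines copied from the report above) are this example's own choices.

```python
"""Triage an Avira AntiVir report: live infections vs. copies sitting in
System Restore points or in ComboFix's quarantine. Added example for this
thread, not part of Avira or ComboFix; categories and heuristics are its own."""
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the report posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\QuickTime\qttask.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '480e59d5.qua'!
C:\QooBox\Quarantine\catchme2008-01-25_210323.31.zip
[0] Archive type: ZIP
--> xxywtur.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480e5dff.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX25.tmp.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '47f25dec.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP115\A0009646.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e0d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010299.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hva
[INFO] The file was moved to '46a478d4.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: vendredi 25 janvier 2008 23:19
"""

# Assumed category labels (this script's own, not Avira terminology).
LIVE = "live"                                   # still on the running system
COMBOFIX_QUARANTINE = "combofix_quarantine"     # C:\QooBox\Quarantine\...
SYSTEM_RESTORE = "system_restore"               # C:\System Volume Information\_restore...

PATH_RE = re.compile(r"^[A-Za-z]:\\")            # a scanned file path
MEMBER_RE = re.compile(r"^--> (.+)$")            # a file inside an archive
DETECTION_RE = re.compile(r"^\[DETECTION\] Is the Trojan horse (\S+)")
WARNING_RE = re.compile(r"^\[WARNING\] The file could not be opened!")


@dataclass(frozen=True)
class Detection:
    path: str       # file on disk (the archive itself for archive members)
    member: str     # archive member name, "" for a plain file
    name: str       # Avira detection name, e.g. TR/Vundo.DWK
    category: str


def classify(path: str) -> str:
    """Where the detected file lives; the drive letter is ignored."""
    _drive, _sep, rest = path.lower().partition(":")
    if rest.startswith(r"\system volume information\_restore"):
        return SYSTEM_RESTORE
    if rest.startswith(r"\qoobox\quarantine"):
        return COMBOFIX_QUARANTINE
    return LIVE


def family(name: str) -> str:
    """Heuristic: drop the variant suffix, TR/Vundo.DWK -> TR/Vundo."""
    return name.split(".")[0]


def parse_avira_log(text: str):
    """Return (detections, unscanned_paths) from the file-scan section."""
    detections, unscanned = [], []
    current, member = None, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_RE.match(line):
            current, member = line, ""          # new file: reset archive member
        elif (m := MEMBER_RE.match(line)):
            member = m.group(1)
        elif current and WARNING_RE.match(line):
            unscanned.append(current)
        elif current and (m := DETECTION_RE.match(line)):
            detections.append(Detection(current, member, m.group(1), classify(current)))
    return detections, unscanned


def summarize(detections):
    return {
        "by_category": dict(Counter(d.category for d in detections)),
        "by_family": dict(Counter(family(d.name) for d in detections)),
    }


def live_paths(detections):
    """Detections that were not already quarantined or archived in a restore point."""
    return [d.path for d in detections if d.category == LIVE]


if __name__ == "__main__":
    dets, unscanned = parse_avira_log(SAMPLE_LOG)
    print(len(dets), "detections", summarize(dets))
    print("live:", live_paths(dets))
    print("not scanned:", unscanned)
```

Run against the full report, the live list is the one file that still needs attention; the System Restore hits go away by purging restore points once the machine is clean, and the QooBox hits are ComboFix's own quarantine. The three "could not be opened" warnings are expected: hiberfil.sys and pagefile.sys are locked by Windows while it runs, and sptd.sys is typically the SPTD driver shipped with Daemon Tools or Alcohol, which blocks read access to itself by design.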
[INFO] The file was moved to '47ca5e2a.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010103.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010115.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010123.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '46a478c6.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010181.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e2f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010182.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d8.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010183.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e30.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010184.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d9.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010185.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e32.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010186.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e31.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010187.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478da.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010188.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e33.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010189.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478db.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010192.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.8
[INFO] The file was moved to '47ca5e34.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP124\A0010202.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478dc.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010222.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e36.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010224.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478df.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010225.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e08.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010226.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e37.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010227.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d0.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010228.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e39.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010229.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e38.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010230.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d1.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010231.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d2.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010232.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '47ca5e3b.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010243.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e3a.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010299.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hva
[INFO] The file was moved to '46a478d4.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010304.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e3c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010305.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478d5.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP125\A0010340.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e3d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP126\A0010374.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hva
[INFO] The file was moved to '47ca5e3f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP126\A0010404.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e45.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010408.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e46.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010409.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e47.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010410.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a0.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010411.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e49.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010412.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a2.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010413.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e48.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010414.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a1.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010415.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e4a.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010416.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hva
[INFO] The file was moved to '46a478a3.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010417.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e4b.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010418.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a478a4.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010419.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e4d.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010420.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '46a478a6.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010421.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e4c.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010422.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478a5.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010423.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e4e.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010424.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e4f.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP127\A0010425.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '46a478b8.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP129\A0010488.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ca5e50.qua'!
C:\System Volume Information\_restore{1BEF003A-BF60-47E7-92D0-BF33FF0069CA}\RP129\A0010532.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[INFO] The file was moved to '47ca5e51.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: vendredi 25 janvier 2008 23:19
Used time: 1:33:28 min
The scan has been done completely.
5310 Scanning directories
314788 Files were scanned
98 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
98 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
314690 Files not concerned
1903 Archives were scanned
3 Warnings
0 Notes
g!rly (Contributor, 18209 posts, registered Friday 17 August 2007, last active 30 November 2014)
26 Jan. 2008 at 07:51
Hi v1n3ss0,
do this:
AVG:
-> Download AVG Anti-Spyware (ewido)
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
-> Install it.
-> Launch AVG Anti-Spyware and click the Update button. Wait...
P.S.: if the updates don't go through, they can be downloaded here:
http://downloads.ewido.net/avgas-signatures-full-current.exe
-> On the "analyse" (Scan) page:
first choose the "paramètres" (Settings) tab.
Under « Comment réagir » (How to react), click « Actions recommandées » (Recommended actions) and, in the drop-down menu, choose « Supprimer » (Delete).
-> Run the scan (it takes a while...).
-> At the end of the scan, copy and paste the report here.
-> A visual guide in case you need it:
Installation and configuration tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
Note: at the end of the scan, make sure you delete everything it found.
@+