Spyware problems. Help me!!! Thanks

Zoidberg -  
ep44 Posts 7432 Status Contributor -
Hello everyone, I keep getting web pages that open against my will and I don't know how to solve this problem.
Thanks, any advice at all will be welcome.
See you

28 replies

ep44 Posts 7432 Status Contributor 3
 
Hello

Download to the desktop

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

= Double-click it to install it
= Click Do a system scan and save the log
= Paste the report
If there is a problem, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
See you
0
Zoidberg
 
ok
here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:28, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
D:\Bureautique\Ad aware\aawservice.exe
D:\Bureautique\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\windows\SOUNDMAN.EXE
D:\Programmes\Imprimante HP PSC1500\HP Software Update\HPWuSchd2.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
D:\Programmes\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
D:\Programmes\Imprimante HP PSC1500\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\Watch.exe
D:\Programmes\Imprimante HP PSC1500\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
H:\Bitlord\BitLord.exe
C:\windows\explorer.exe
C:\windows\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Bureautique\VLC media player\VLC\vlc.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programmes\Reader\AcroRd32Info.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {3B0692CD-14B7-4D2C-90B5-11385C22EB04} - C:\windows\system32\pmkjh.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Bureautique\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7A5565EF-A594-46E4-AF56-FE71AEAFD7D5} - C:\windows\system32\xxyvttt.dll
O2 - BHO: {0c4f5307-522c-a96b-6974-34febcc5cba7} - {7abc5ccb-ef43-4796-b69a-c2257035f4c0} - C:\windows\system32\wpkfrxyf.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {975E73FC-CE62-4928-9DBE-C5C8080EE94F} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\windows\system32\ydumpjai.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF6D94CF-0006-40AB-B3DA-F006D09B1CE9} - (no file)
O2 - BHO: (no name) - {FFCFA460-55B0-4634-8907-4AED1593C246} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] D:\Programmes\Imprimante HP PSC1500\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] D:\Programmes\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmes\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Bureautique\AVG antispyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PKR Pal] "H:\jeux videos\PKR Poker\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [e839571c] rundll32.exe "C:\windows\system32\mecjlltv.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA348] command /c del "C:\WINDOWS\system32\pmkjh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6113] cmd /c del "C:\WINDOWS\system32\pmkjh.dll_old"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Bureautique\daemon tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] H:\jeux videos\Counter Strike condition zero\stream\Steam.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Bureautique\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB9970] command /c del "C:\WINDOWS\system32\pmkjh.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3833] cmd /c del "C:\WINDOWS\system32\pmkjh.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programmes\Imprimante HP PSC1500\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmes\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Bureautique\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\BUREAU~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Bureautique\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Bureautique\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: vturs - C:\windows\
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O20 - Winlogon Notify: xxyvttt - C:\windows\SYSTEM32\xxyvttt.dll
O20 - Winlogon Notify: ydumpjai - C:\windows\SYSTEM32\ydumpjai.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Bureautique\Ad aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Bureautique\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\windows\system32\windows (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
ep44 Posts 7432 Status Contributor 3
 
That's Vundo

Download to the Desktop.
http://www.atribune.org/ccount/click.php?id=4

=> Double-click VundoFix.exe.
=> Click OK
=> Wait for VundoFix to restart
=> Click Scan for Vundo
=> The scan takes quite a while; when it finishes
=> Click Remove Vundo
=> Then Yes
=> The Desktop disappears for a moment while the files are being removed.
=> Shutdown message
=> Click OK
=> Automatic restart
=> Copy the report, which is in C:\vundofix.txt

Next,
download VirtumundoBeGone to your desktop.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double-click VirtumundoBeGone.exe
=> Follow the on-screen instructions
=> When the scan is finished, save the report.
=> Copy and paste it here

Next, download Combofix (sUBs): http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe
and save it to your desktop and nowhere else!

Double-click Combofix,
wait for Combofix to finish; a report will be created. Post the report.

See you
0
Zoidberg
 
here is the VundoFix report

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 18:32:15 11/12/2007

Listing files found while scanning....

Beginning removal...

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\xxywwuu.dll
C:\windows\system32\xxywwuu.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 19:16:24 11/12/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 07:02:25 13/12/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 13:35:18 19/12/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 16:04:38 30/12/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 06:16:23 07/01/2008

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 03:54:49 09/01/2008

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 19:22:39 25/01/2008

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 18:43:36 16/02/2008

Listing files found while scanning....

Beginning removal...

Attempting to delete C:\windows\system32\mecjlltv.dll
C:\windows\system32\mecjlltv.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\mecjlltv.dll
C:\windows\system32\mecjlltv.dll Has been deleted!

Performing Repairs to the registry.
Done!
0

Zoidberg
 
Here is the VirtumundoBeGone report

[02/16/2008, 19:17:10] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Maxence\Bureau\VirtumundoBeGone.exe" )
[02/16/2008, 19:17:17] - Detected System Information:
[02/16/2008, 19:17:17] - Windows Version: 5.1.2600, Service Pack 2
[02/16/2008, 19:17:17] - Current Username: Maxence (Admin)
[02/16/2008, 19:17:17] - Windows is in NORMAL mode.
[02/16/2008, 19:17:17] - Searching for Browser Helper Objects:
[02/16/2008, 19:17:17] - BHO 1: {3B0692CD-14B7-4D2C-90B5-11385C22EB04} ()
[02/16/2008, 19:17:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/16/2008, 19:17:17] - Checking for HKLM\...\Winlogon\Notify\pmkjh
[02/16/2008, 19:17:17] - Key not found: HKLM\...\Winlogon\Notify\pmkjh, continuing.
[02/16/2008, 19:17:17] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/16/2008, 19:17:17] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/16/2008, 19:17:17] - BHO 4: {76F262CF-0308-0FB4-F7A3-043266F3A47C} ()
[02/16/2008, 19:17:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/16/2008, 19:17:17] - No filename found. Continuing.
[02/16/2008, 19:17:17] - BHO 5: {7A5565EF-A594-46E4-AF56-FE71AEAFD7D5} ()
[02/16/2008, 19:17:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/16/2008, 19:17:17] - Checking for HKLM\...\Winlogon\Notify\xxyvttt
[02/16/2008, 19:17:17] - Key not found: HKLM\...\Winlogon\Notify\xxyvttt, continuing.
[02/16/2008, 19:17:17] - BHO 6: {7abc5ccb-ef43-4796-b69a-c2257035f4c0} ()
[02/16/2008, 19:17:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/16/2008, 19:17:17] - Checking for HKLM\...\Winlogon\Notify\wpkfrxyf
[02/16/2008, 19:17:17] - Key not found: HKLM\...\Winlogon\Notify\wpkfrxyf, continuing.
[02/16/2008, 19:17:17] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/16/2008, 19:17:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/16/2008, 19:17:17] - No filename found. Continuing.
[02/16/2008, 19:17:17] - BHO 8: {975E73FC-CE62-4928-9DBE-C5C8080EE94F} ()
[02/16/2008, 19:17:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/16/2008, 19:17:17] - No filename found. Continuing.
[02/16/2008, 19:17:17] - BHO 9: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[02/16/2008, 19:17:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/16/2008, 19:17:17] - No filename found. Continuing.
[02/16/2008, 19:17:17] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/16/2008, 19:17:17] - BHO 11: {AF6D94CF-0006-40AB-B3DA-F006D09B1CE9} ()
[02/16/2008, 19:17:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/16/2008, 19:17:17] - No filename found. Continuing.
[02/16/2008, 19:17:17] - BHO 12: {FFCFA460-55B0-4634-8907-4AED1593C246} ()
[02/16/2008, 19:17:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/16/2008, 19:17:17] - No filename found. Continuing.
[02/16/2008, 19:17:17] - Finished Searching Browser Helper Objects
[02/16/2008, 19:17:17] - Finishing up...
[02/16/2008, 19:17:17] - Nothing found! Exiting...
0
ep44 Posts 7432 Status Contributor 3
 
Very good, that's one fine list fewer ;-)

Now the ComboFix report
See you
0
Zoidberg
 
ComboFix report

ComboFix 08-02-15.1 - Maxence 2008-02-16 19:20:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.549 [GMT 1:00]
Endroit: C:\Documents and Settings\Maxence\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers créés 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))))))))
.

2008-02-14 14:57 . 2008-02-14 14:56 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-14 14:57 . 2008-02-14 14:57 3,454 --a------ C:\WINDOWS\unins000.dat
2008-02-09 12:39 . 2008-02-09 12:39 <REP> d-------- C:\Program Files\Paint.NET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 18:29 --------- d-----w C:\Program Files\Wanadoo
2008-02-16 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 19:55 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys
2008-02-10 19:55 103,736 ----a-w C:\windows\system32\PnkBstrB.exe
2008-02-10 01:29 --------- d-----w C:\Documents and Settings\Maxence\Application Data\LimeWire
2008-01-26 19:21 66,872 ----a-w C:\windows\system32\PnkBstrA.exe
2008-01-19 18:16 --------- d-----w C:\Program Files\Java
2008-01-12 13:17 22,328 ----a-w C:\Documents and Settings\Maxence\Application Data\PnkBstrK.sys
2008-01-05 22:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 22:09 --------- d-----w C:\Program Files\Activision
2007-12-30 20:20 3,570 ----a-w C:\windows\system32\tmp.reg
2007-12-30 14:24 --------- d-----w C:\Program Files\Spyware Terminator
2007-12-30 14:24 --------- d-----w C:\Documents and Settings\Maxence\Application Data\Spyware Terminator
2007-12-30 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-12-30 13:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 13:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-30 13:29 135,936 ----a-w C:\windows\system32\drivers\sp_rsdrv2.sys
2007-12-30 13:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Spyware Terminator
2007-12-27 12:43 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-27 02:00 --------- d-----w C:\Documents and Settings\Maxence\Application Data\Grisoft
2007-12-27 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-25 02:47 --------- d-----w C:\Documents and Settings\Maxence\Application Data\Media Player Classic
2007-12-25 02:47 --------- d-----w C:\Documents and Settings\Maxence\Application Data\DivX
2007-12-20 22:11 81,920 ----a-w C:\windows\system32\IEDFix.exe
2007-12-18 09:51 179,584 ----a-w C:\windows\system32\drivers\mrxdav.sys
2007-12-16 16:20 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-09 12:05 2,162,688 ----a-w C:\Documents and Settings\Maxence\Application Data\sa3125_02_fus_eng.exe
2007-12-07 02:08 824,832 ----a-w C:\windows\system32\wininet.dll
2007-12-05 04:56 499,712 ----a-w C:\windows\system32\msvcp71.dll
2007-12-05 04:56 348,160 ----a-w C:\windows\system32\msvcr71.dll
2007-12-04 18:41 550,912 ------w C:\windows\system32\oleaut32.dll
2007-11-22 23:41 139,264 ----a-w C:\windows\system32\hpzjrd01.dll
2007-11-13 09:05 1,038,715 --sh--w C:\windows\system32\slahdgwr.ini2
2007-08-05 17:00 6,638 -csh--w C:\windows\system32\srutv.bak1
2007-08-06 00:19 6,877 -csh--w C:\windows\system32\srutv.bak2
2007-08-06 10:52 6,542 -csh--w C:\windows\system32\srutv.ini2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B0692CD-14B7-4D2C-90B5-11385C22EB04}]
C:\windows\system32\pmkjh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A5565EF-A594-46E4-AF56-FE71AEAFD7D5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7abc5ccb-ef43-4796-b69a-c2257035f4c0}]
C:\windows\system32\wpkfrxyf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{975E73FC-CE62-4928-9DBE-C5C8080EE94F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF6D94CF-0006-40AB-B3DA-F006D09B1CE9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFCFA460-55B0-4634-8907-4AED1593C246}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"DAEMON Tools"="D:\Bureautique\daemon tools\daemon.exe" [2007-08-16 12:24 167368]
"Steam"="H:\jeux videos\Counter Strike condition zero\stream\Steam.exe" [2007-12-16 09:43 1266936]
"SpybotSD TeaTimer"="D:\Bureautique\Spybot\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 17:22 266240]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 11:06 532480]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-16 10:09 7110656]
"nwiz"="nwiz.exe" [2005-07-16 10:09 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-16 10:09 86016]
"HP Software Update"="D:\Programmes\Imprimante HP PSC1500\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"Home Theater SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2004-04-22 03:23 155648]
"WINCINEMAMGR"="D:\Programmes\InterVideo\Common\Bin\WinCinemaMgr.exe" [2004-04-30 03:52 200704]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="D:\Programmes\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"!AVG Anti-Spyware"="D:\Bureautique\AVG antispyware\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-30 14:28 2940928]
"PKR Pal"="H:\jeux videos\PKR Poker\pkrpal.exe" [2008-02-09 23:54 2269800]
"e839571c"="C:\windows\system32\mecjlltv.dll" [ ]
"CTDrive"="C:\WINDOWS\system32\drvwop.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
winrzf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvttt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ydumpjai]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office Outlook 2003.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Maxence^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdrmbfxmhc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bhsxvd]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uhkxefqh.exe]

R1 fwdrv;Firewall Driver;C:\windows\system32\drivers\fwdrv.sys [2007-03-16 09:56]
R1 khips;Kerio HIPS Driver;C:\windows\system32\drivers\khips.sys [2007-03-16 09:56]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2007-12-30 14:29]
S3 MSControlService;Microsoft cache control;C:\windows\system32\windows []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 19:29:13
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Bureautique\Ad aware\aawservice.exe
D:\Bureautique\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Programmes\Imprimante HP PSC1500\Digital Imaging\bin\hpqtra08.exe
D:\Bureautique\WinZip\WZQKPICK.EXE
C:\windows\system32\wscntfy.exe
D:\Programmes\Imprimante HP PSC1500\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-16 19:31:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 18:31:38
.
2008-01-09 02:02:25 --- E O F ---
0
ep44 Posts 7432 Status Contributor 3

I'm analyzing this report and will get back to you later

a good clean-up has been done ;-)

see you in a bit
0
Zoidberg
 
ok thanks again, see you
good luck
0
ep44 Posts 7432 Status Contributor 3

select this

registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B0692CD-14B7-4D2C-90B5-11385C22EB04}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A5565EF-A594-46E4-AF56-FE71AEAFD7D5}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7abc5ccb-ef43-4796-b69a-c2257035f4c0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975E73FC-CE62-4928-9DBE-C5C8080EE94F}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF6D94CF-0006-40AB-B3DA-F006D09B1CE9}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCFA460-55B0-4634-8907-4AED1593C246}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDrive"=-
"e839571c"=-
"PKR Pal"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvttt]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ydumpjai]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdrmbfxmhc]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bhsxvd]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uhkxefqh.exe]



* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the message that appears ( Type 1 to continue, or 2 to abort) , type 1 then confirm.
* Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
* Once the scan is done, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt

to verify
Download to the desktop: navilog.exe (http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe)

= install it
= Double-click navilog1, which is on the desktop
= Press a key until you reach the options
= Choose option 1 ( = type 1 )
do not use the others without advice, there may be legitimate processes

the report is located in c: fixnavi.txt

post that report.

---------------------
Download http://www.malekal.com/download/clean.zip to the desktop
Unzip it on the desktop.
= open the clean folder
= click the gear-wheel icon named clean
= choose option 1 and let clean work until the text "appuyer sur une touche pour continuer" appears
= then paste the report

See you
0
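A pre-flight check for a registry:: block like the one in the post above, as an added example that is not part of the original thread and not ComboFix's own code. It assumes the block follows the .reg conventions used there (`[-KEY]` deletes a key, `"name"=-` deletes a value under an open `[KEY]`) and lists what would be removed plus any line that fits neither form; the sample script is constructed (placeholder GUID, one deliberately malformed header) and the function name is hypothetical.

```python
import re

# Constructed sample modelled on the registry:: block in the post above.
# The GUID is a placeholder, and the last header is deliberately malformed
# (minus sign outside the bracket) so the check has something to report.
SAMPLE_CFSCRIPT = r'''registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDrive"=-
"e839571c"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs]

-[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bhsxvd]
'''

ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
KEY_LINE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def lint_cfscript_registry(text):
    """Hypothetical helper: list planned deletions and flag malformed lines."""
    report = {"delete_keys": [], "delete_values": [], "set_values": [], "problems": []}
    in_registry = seen_registry = False
    open_key = None  # [line number, key path, number of value lines seen]

    def close_open_key():
        nonlocal open_key
        if open_key and open_key[2] == 0:
            report["problems"].append((open_key[0], "key opened but no value line follows"))
        open_key = None

    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # section directive, e.g. registry:: or File::
            close_open_key()
            in_registry = line.lower() == "registry::"
            seen_registry = seen_registry or in_registry
            continue
        if not in_registry:              # other sections are out of scope here
            continue
        key = KEY_LINE.match(line)
        if key:
            close_open_key()
            minus, path = key.groups()
            if path.split("\\", 1)[0].upper() not in ROOTS:
                report["problems"].append((line_no, "unknown root key: " + path))
            elif minus:
                report["delete_keys"].append(path)
            else:
                open_key = [line_no, path, 0]
            continue
        value = VALUE_LINE.match(line)
        if value:
            if open_key is None:
                report["problems"].append((line_no, "value line without an open [KEY]"))
                continue
            open_key[2] += 1
            name = value.group(1) if value.group(2) is None else "@"
            target = "delete_values" if value.group(3) == "-" else "set_values"
            report[target].append((open_key[1], name))
            continue
        hint = " (the minus sign belongs inside the bracket: [-KEY])" if line.startswith("-[") else ""
        report["problems"].append((line_no, "unrecognised line" + hint))

    close_open_key()
    if not seen_registry:
        report["problems"].append((0, "no registry:: section found"))
    return report


if __name__ == "__main__":
    result = lint_cfscript_registry(SAMPLE_CFSCRIPT)
    for section, items in result.items():
        print(section)
        for item in items:
            print("   ", item)
```

Running the check before saving CFScript.txt gives a reviewable list of every key and value the script would remove, so an unintended entry or a mistyped header is caught before anything is deleted.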
Zoidberg
 
new combofix report

ComboFix 08-02-15.1 - Maxence 2008-02-16 21:31:30.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.517 [GMT 1:00]
Endroit: C:\Documents and Settings\Maxence\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maxence\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))))))))
.

2008-02-14 14:57 . 2008-02-14 14:56 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-14 14:57 . 2008-02-14 14:57 3,454 --a------ C:\WINDOWS\unins000.dat
2008-02-09 12:39 . 2008-02-09 12:39 <REP> d-------- C:\Program Files\Paint.NET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 18:29 --------- d-----w C:\Program Files\Wanadoo
2008-02-16 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 19:55 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys
2008-02-10 19:55 103,736 ----a-w C:\windows\system32\PnkBstrB.exe
2008-02-10 01:29 --------- d-----w C:\Documents and Settings\Maxence\Application Data\LimeWire
2008-01-26 19:21 66,872 ----a-w C:\windows\system32\PnkBstrA.exe
2008-01-19 18:16 --------- d-----w C:\Program Files\Java
2008-01-12 13:17 22,328 ----a-w C:\Documents and Settings\Maxence\Application Data\PnkBstrK.sys
2008-01-05 22:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 22:09 --------- d-----w C:\Program Files\Activision
2007-12-30 20:20 3,570 ----a-w C:\windows\system32\tmp.reg
2007-12-30 14:24 --------- d-----w C:\Program Files\Spyware Terminator
2007-12-30 14:24 --------- d-----w C:\Documents and Settings\Maxence\Application Data\Spyware Terminator
2007-12-30 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-12-30 13:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 13:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-30 13:29 135,936 ----a-w C:\windows\system32\drivers\sp_rsdrv2.sys
2007-12-30 13:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Spyware Terminator
2007-12-27 12:43 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-27 02:00 --------- d-----w C:\Documents and Settings\Maxence\Application Data\Grisoft
2007-12-27 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-25 02:47 --------- d-----w C:\Documents and Settings\Maxence\Application Data\Media Player Classic
2007-12-25 02:47 --------- d-----w C:\Documents and Settings\Maxence\Application Data\DivX
2007-12-20 22:11 81,920 ----a-w C:\windows\system32\IEDFix.exe
2007-12-18 09:51 179,584 ----a-w C:\windows\system32\drivers\mrxdav.sys
2007-12-16 16:20 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-09 12:05 2,162,688 ----a-w C:\Documents and Settings\Maxence\Application Data\sa3125_02_fus_eng.exe
2007-12-07 02:08 824,832 ----a-w C:\windows\system32\wininet.dll
2007-12-05 04:56 499,712 ----a-w C:\windows\system32\msvcp71.dll
2007-12-05 04:56 348,160 ----a-w C:\windows\system32\msvcr71.dll
2007-12-04 18:41 550,912 ------w C:\windows\system32\oleaut32.dll
2007-11-22 23:41 139,264 ----a-w C:\windows\system32\hpzjrd01.dll
2007-11-13 09:05 1,038,715 --sh--w C:\windows\system32\slahdgwr.ini2
2007-08-05 17:00 6,638 -csh--w C:\windows\system32\srutv.bak1
2007-08-06 00:19 6,877 -csh--w C:\windows\system32\srutv.bak2
2007-08-06 10:52 6,542 -csh--w C:\windows\system32\srutv.ini2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"DAEMON Tools"="D:\Bureautique\daemon tools\daemon.exe" [2007-08-16 12:24 167368]
"Steam"="H:\jeux videos\Counter Strike condition zero\stream\Steam.exe" [2007-12-16 09:43 1266936]
"SpybotSD TeaTimer"="D:\Bureautique\Spybot\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 17:22 266240]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 11:06 532480]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-16 10:09 7110656]
"nwiz"="nwiz.exe" [2005-07-16 10:09 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-16 10:09 86016]
"HP Software Update"="D:\Programmes\Imprimante HP PSC1500\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"Home Theater SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2004-04-22 03:23 155648]
"WINCINEMAMGR"="D:\Programmes\InterVideo\Common\Bin\WinCinemaMgr.exe" [2004-04-30 03:52 200704]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="D:\Programmes\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"!AVG Anti-Spyware"="D:\Bureautique\AVG antispyware\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-30 14:28 2940928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - D:\Programmes\Imprimante HP PSC1500\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
InterVideo WinCinema Manager.lnk - D:\Programmes\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-04-19 14:28:17 200704]
WinZip Quick Pick.lnk - D:\Bureautique\WinZip\WZQKPICK.EXE [2007-04-23 15:50:59 122880]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office Outlook 2003.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Maxence^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]

R1 fwdrv;Firewall Driver;C:\windows\system32\drivers\fwdrv.sys [2007-03-16 09:56]
R1 khips;Kerio HIPS Driver;C:\windows\system32\drivers\khips.sys [2007-03-16 09:56]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2007-12-30 14:29]
S3 MSControlService;Microsoft cache control;C:\windows\system32\windows []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 21:35:26
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-16 21:37:07
ComboFix-quarantined-files.txt 2008-02-16 20:37:00
ComboFix2.txt 2008-02-16 18:31:48
.
2008-01-09 02:02:25 --- E O F ---
0
Zoidberg
 
here is fixnavi

Search Navipromo version 3.4.5 commencé le 16/02/2008 à 21:40:39,59

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.02.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\windows ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\Maxence\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Maxence\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Maxence\MENUDM~1\PROGRA~1" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\windows\system32 *

* Recherche dans "C:\Documents and Settings\Maxence\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\windows\system32 :

asevaypy.exe trouvé !
bmqgkwtq.exe trouvé !
btvhkkay.exe trouvé !
ceqxbrmm.exe trouvé !
cqxxeshj.exe trouvé !
edsuvthh.exe trouvé !
ewnbjwog.exe trouvé !
fhvgfplh.exe trouvé !
jogclsmm.exe trouvé !
pknskoku.exe trouvé !
sjmsyamn.exe trouvé !
vukrfyqc.exe trouvé !
xuqillrp.exe trouvé !

* Dans "C:\Documents and Settings\Maxence\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

C:\windows\system32\slahdgwr.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\windows\system32\srutv.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\windows\system32\srutv.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\windows\system32\srutv.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

*** Analyse terminée le 16/02/2008 à 21:44:50,87 ***
0
Zoidberg
 
here's the last one, malekal

16/02/2008 a 21:48:10,34

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\windows\

*** Recherche des fichiers dans C:\windows\system32
C:\windows\system32\grwinsthlp.exe FOUND

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
0
ep44 Posts 7432 Status Contributor 3

for navilog, run it again and choose option 2
and post the report

then we'll repeat the procedure with combofix

select this

File::

C:\windows\system32\slahdgwr.ini2
C:\windows\system32\srutv.bak1
C:\windows\system32\srutv.bak2
C:\windows\system32\srutv.ini2


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the message that appears ( Type 1 to continue, or 2 to abort) , type 1 then confirm.
* Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
* Once the scan is done, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt

as for clean, you'll find it in c:

See you
0
ep44 Posts 7432 Status Contributor 3

sorry, I hadn't seen clean

restart in safe mode, run it again and choose option 2
and post the report
See you
0
Zoidberg
 
here is navilog option 2

Clean Navipromo version 3.4.5 commencé le 16/02/2008 à 22:03:59,25

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.02.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\windows\System32 *

* Suppression dans "C:\Documents and Settings\Maxence\locals~1\applic~1" *

*** Suppression dossiers dans C:\windows ***

*** Suppression dossiers dans C:\Program Files ***

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Suppression dossiers dans "C:\Documents and Settings\Maxence\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Maxence\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Maxence\MENUDM~1\PROGRA~1" ***

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\windows\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Maxence\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans C:\windows\system32 *

asevaypy.exe trouvé !
Copie asevaypy.exe réalisée avec succès !
asevaypy.exe supprimé !

bmqgkwtq.exe trouvé !
Copie bmqgkwtq.exe réalisée avec succès !
bmqgkwtq.exe supprimé !

btvhkkay.exe trouvé !
Copie btvhkkay.exe réalisée avec succès !
btvhkkay.exe supprimé !

ceqxbrmm.exe trouvé !
Copie ceqxbrmm.exe réalisée avec succès !
ceqxbrmm.exe supprimé !

cqxxeshj.exe trouvé !
Copie cqxxeshj.exe réalisée avec succès !
cqxxeshj.exe supprimé !

edsuvthh.exe trouvé !
Copie edsuvthh.exe réalisée avec succès !
edsuvthh.exe supprimé !

ewnbjwog.exe trouvé !
Copie ewnbjwog.exe réalisée avec succès !
ewnbjwog.exe supprimé !

fhvgfplh.exe trouvé !
Copie fhvgfplh.exe réalisée avec succès !
fhvgfplh.exe supprimé !

jogclsmm.exe trouvé !
Copie jogclsmm.exe réalisée avec succès !
jogclsmm.exe supprimé !

pknskoku.exe trouvé !
Copie pknskoku.exe réalisée avec succès !
pknskoku.exe supprimé !

sjmsyamn.exe trouvé !
Copie sjmsyamn.exe réalisée avec succès !
sjmsyamn.exe supprimé !

vukrfyqc.exe trouvé !
Copie vukrfyqc.exe réalisée avec succès !
vukrfyqc.exe supprimé !

xuqillrp.exe trouvé !
Copie xuqillrp.exe réalisée avec succès !
xuqillrp.exe supprimé !

* Dans "C:\Documents and Settings\Maxence\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup absent !

*** Nettoyage terminé le 16/02/2008 à 22:06:55,28 ***
0
ep44 Posts 7432 Status Contributor 3

perfect, now we need clean and combo
;-)
0
Zoidberg
 
New combofix

ComboFix 08-02-15.1 - Maxence 2008-02-16 22:40:09.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.558 [GMT 1:00]
Endroit: C:\Documents and Settings\Maxence\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maxence\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\windows\system32\slahdgwr.ini2
C:\windows\system32\srutv.bak1
C:\windows\system32\srutv.bak2
C:\windows\system32\srutv.ini2
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\system32\slahdgwr.ini2
C:\windows\system32\srutv.bak1
C:\windows\system32\srutv.bak2
C:\windows\system32\srutv.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))))))))
.

2008-02-16 21:49 . 2008-02-16 21:49 <REP> d-------- C:\upload_moi_PC-MAXENCE
2008-02-16 21:48 . 2008-02-16 21:48 29,090,333 --a------ C:\upload_moi_PC-MAXENCE.tar.gz
2008-02-14 14:57 . 2008-02-14 14:56 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-14 14:57 . 2008-02-14 14:57 3,454 --a------ C:\WINDOWS\unins000.dat
2008-02-09 12:39 . 2008-02-09 12:39 <REP> d-------- C:\Program Files\Paint.NET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 21:37 --------- d-----w C:\Program Files\Wanadoo
2008-02-16 21:06 --------- d-----w C:\Program Files\Navilog1
2008-02-16 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 19:55 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys
2008-02-10 19:55 103,736 ----a-w C:\windows\system32\PnkBstrB.exe
2008-02-10 01:29 --------- d-----w C:\Documents and Settings\Maxence\Application Data\LimeWire
2008-01-26 19:21 66,872 ----a-w C:\windows\system32\PnkBstrA.exe
2008-01-19 18:16 --------- d-----w C:\Program Files\Java
2008-01-12 13:17 22,328 ----a-w C:\Documents and Settings\Maxence\Application Data\PnkBstrK.sys
2008-01-05 22:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 22:09 --------- d-----w C:\Program Files\Activision
2007-12-30 20:20 3,570 ----a-w C:\windows\system32\tmp.reg
2007-12-30 14:24 --------- d-----w C:\Program Files\Spyware Terminator
2007-12-30 14:24 --------- d-----w C:\Documents and Settings\Maxence\Application Data\Spyware Terminator
2007-12-30 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-12-30 13:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 13:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-30 13:29 135,936 ----a-w C:\windows\system32\drivers\sp_rsdrv2.sys
2007-12-30 13:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Spyware Terminator
2007-12-27 12:43 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-27 02:00 --------- d-----w C:\Documents and Settings\Maxence\Application Data\Grisoft
2007-12-27 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-25 02:47 --------- d-----w C:\Documents and Settings\Maxence\Application Data\Media Player Classic
2007-12-25 02:47 --------- d-----w C:\Documents and Settings\Maxence\Application Data\DivX
2007-12-20 22:11 81,920 ----a-w C:\windows\system32\IEDFix.exe
2007-12-18 09:51 179,584 ----a-w C:\windows\system32\drivers\mrxdav.sys
2007-12-16 16:20 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-09 12:05 2,162,688 ----a-w C:\Documents and Settings\Maxence\Application Data\sa3125_02_fus_eng.exe
2007-12-07 02:08 824,832 ----a-w C:\windows\system32\wininet.dll
2007-12-05 04:56 499,712 ----a-w C:\windows\system32\msvcp71.dll
2007-12-05 04:56 348,160 ----a-w C:\windows\system32\msvcr71.dll
2007-12-04 18:41 550,912 ------w C:\windows\system32\oleaut32.dll
2007-11-22 23:41 139,264 ----a-w C:\windows\system32\hpzjrd01.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFCFA460-55B0-4634-8907-4AED1593C246}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"DAEMON Tools"="D:\Bureautique\daemon tools\daemon.exe" [2007-08-16 12:24 167368]
"Steam"="H:\jeux videos\Counter Strike condition zero\stream\Steam.exe" [2007-12-16 09:43 1266936]
"SpybotSD TeaTimer"="D:\Bureautique\Spybot\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 17:22 266240]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 11:06 532480]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-16 10:09 7110656]
"nwiz"="nwiz.exe" [2005-07-16 10:09 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-16 10:09 86016]
"HP Software Update"="D:\Programmes\Imprimante HP PSC1500\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"Home Theater SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2004-04-22 03:23 155648]
"WINCINEMAMGR"="D:\Programmes\InterVideo\Common\Bin\WinCinemaMgr.exe" [2004-04-30 03:52 200704]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="D:\Programmes\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"!AVG Anti-Spyware"="D:\Bureautique\AVG antispyware\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-30 14:28 2940928]
"PKR Pal"="H:\jeux videos\PKR Poker\pkrpal.exe" [2008-02-09 23:54 2269800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - D:\Programmes\Imprimante HP PSC1500\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
InterVideo WinCinema Manager.lnk - D:\Programmes\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-04-19 14:28:17 200704]
WinZip Quick Pick.lnk - D:\Bureautique\WinZip\WZQKPICK.EXE [2007-04-23 15:50:59 122880]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office Outlook 2003.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Maxence^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]

R1 fwdrv;Firewall Driver;C:\windows\system32\drivers\fwdrv.sys [2007-03-16 09:56]
R1 khips;Kerio HIPS Driver;C:\windows\system32\drivers\khips.sys [2007-03-16 09:56]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2007-12-30 14:29]
S3 MSControlService;Microsoft cache control;C:\windows\system32\windows []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 22:43:54
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-16 22:45:25
ComboFix-quarantined-files.txt 2008-02-16 21:45:19
ComboFix2.txt 2008-02-16 20:37:09
ComboFix3.txt 2008-02-16 18:31:48
.
2008-01-09 02:02:25 --- E O F ---
0
ep44 Posts 7432 Status Contributor 3

now clean
See you
0
Zoidberg
 
finally clean ;)

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 16/02/2008 a 23:05:18,59

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\windows\

*** Suppression des fichiers dans C:\windows\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
0