INFECTED BY TROJAN VUNDO MALWARE!! HELP ME

Closed
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 - 9 March 2008 at 00:47
Anonymous user - 15 March 2008 at 20:20
Hello, I am infected by a trojan named Vundo as well as by malware, because I have Avast in the Pro version. I am posting my Prevx CSI report for you, thanking you in advance!

52 replies

ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
9 March 2008 at 01:00
Someone to help me please!!!


Prevx CSI Log - Version v1.6.104.128

Some non-malicious files are not included in this log.
C:\WINDOWS\system32\ssqqoll.dll InMem: 1 Det [B] MD5: 7246DAFE856F7CB3060D6800FB77ED4B PX5: B11F1BC300F37BE8922A005A9F2AEE001E9A3D2D Malware Group: BHO.DFY
REGSHLEXHOOK - \REGISTRY\Machine\Software\Classes\CLSID\{D85530E8-D39D-49D0-9F36-300D594556D2}\InprocServer32 - {D85530E8-D39D-49D0-9F36-300D594556D2} [C:\WINDOWS\system32\ssqqoll.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqqoll - DllName [ssqqoll.dll]
C:\WINDOWS\system32\jkkji.dll InMem: 1 Det [B] MD5: 011052BDF2502E2D0AAFED70F41D2D21 PX5: C0DE04F3003CDF6AE8BF04DB4E9DDF007D9F2E91 Malware Group: Trojan.Vundo - Lop
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Authentication Packages [msv1_0]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 - LibraryPath [%SystemRoot%\System32\mswsock.dll]
C:\WINDOWS\system32\hnetcfg.dll InMem: 1 Det [G] MD5: 9D39911675347318C17C68B2EA30CF2F PX5: E9BDBE6300E9674F4EAD0528C59C0900BBCD6B93
C:\WINDOWS\System32\wshtcpip.dll InMem: 1 Det [G] MD5: BFBE4AF0836AAEF0C182273735160989 PX5: 5A3F648600F532D54E6400E6707A27008127F653
C:\WINDOWS\system32\psbase.dll InMem: 1 Det [G] MD5: AC97110DAFF22D4083E68547752D23B4 PX5: BE66C28B00BC1A4E822C0169EFC29100978F96ED
C:\WINDOWS\system32\dssenh.dll InMem: 1 Det [G] MD5: CACD2C63A79268D131EA37E85524CC44 PX5: 31E843BE00E2A81C18FA0265E10B6500232880A4
C:\WINDOWS\System32\wship6.dll InMem: 1 Det [G] MD5: FE1B81E8F186D8B79F1377D696C808DA PX5: 14824FAE000054E938C60051FB264300F5CC2F44
C:\WINDOWS\system32\Ati2evxx.exe InMem: 1 Det [G] MD5: 870D480C911A7EE9A98B3CB190D95D22 PX5: CAFC4A8300F2FAA6D03407F095A68000C8FD8895
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ati HotKey Poller - ImagePath [C:\WINDOWS\system32\Ati2evxx.exe]
C:\WINDOWS\system32\powrprof.dll InMem: 1 Det [G] MD5: B02E4DDBE0E98F42F3B61292DDB3A104 PX5: 97968A2D0069C349447300384AF4970020B258B4
C:\WINDOWS\system32\cfgMgr32.dll InMem: 1 Det [G] MD5: EA84C4867DA9F9C5377436D459259AF4 PX5: EBEDC9120002D036421D003C4DC9A100A950F9FC
C:\WINDOWS\system32\Ati2edxx.dll InMem: 1 Det [G] MD5: 36765A744E6A515F709FEC514725643B PX5: 74BC6AA7004D14E8AA2B0023B7821300FE814150
C:\WINDOWS\system32\atipdlxx.dll InMem: 1 Det [G] MD5: 55492F99E43B11EAF8B297494A5C420E PX5: 2A19380700302DDD40BD0242D2F617003CCE1DFC
C:\WINDOWS\system32\svchost.exe InMem: 1 Det [G] MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA PX5: F40E2DC500616549387D0095555BE30052AE71AD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\6to4 - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Alerter - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AppMgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AudioSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BITS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Browser - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CryptSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\DcomLaunch - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dhcp - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmserver - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dnscache - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ERSvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\EventSystem - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\helpsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HidServ - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HTTPFilter - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanserver - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanworkstation - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LmHosts - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Messenger - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MHN - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netman - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Nla - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtmsSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAuto - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasMan - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteAccess - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteRegistry - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcSs - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Schedule - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\seclogon - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SENS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SharedAccess - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ShellHWDetection - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\srservice - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SSDPSRV - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\stisvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TapiSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TermService - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Themes - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TrkWks - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\upnphost - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\W32Time - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WebClient - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\winmgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmdmPmSN - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Wmi - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wscsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wuauserv - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WZCSVC - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\xmlprov - ImagePath [C:\WINDOWS\System32\svchost.exe]
c:\windows\system32\rpcss.dll InMem: 1 Det [G] MD5: CB7D37602638369A516757E994CBB31D PX5: D871C10B00EAA5E3126A06933C746200665F77B0
C:\WINDOWS\system32\msi.dll InMem: 1 Det [G] MD5: 09E3EFF0339637C0AA1657B1A38362AF PX5: 3259DB6300E6C7718E822B2266AE2400790D9142
c:\windows\system32\termsrv.dll InMem: 1 Det [G] MD5: 70921DE4C83652DC301A05F0CC46C985 PX5: DFF9989900B8D4B88CDF0430F59FF100D86462B7
c:\windows\system32\ICAAPI.dll InMem: 1 Det [G] MD5: 4B88B1599804DEF38CA199F441F10B9A PX5: 9A0CE61F00D382612C920044E2AB0700873BF792
c:\windows\system32\mstlsapi.dll InMem: 1 Det [G] MD5: 94CAEB6FD0FD518CDC9007839B4CC86A PX5: EDCDF380001295B5C42B01A9DDFA4A0035AC9F98
c:\windows\system32\ACTIVEDS.dll InMem: 1 Det [G] MD5: 002918E2E96E6A360B2A9219F89F7124 PX5: BBB8F4B0002647C8F6250205FD961200E156A88F
c:\windows\system32\adsldpc.dll InMem: 1 Det [G] MD5: 3E7E66E33F519A532355A5E98D7AE713 PX5: BD9B9C480029F65530DD02725A006600A1AD4B81
c:\windows\system32\ATL.DLL InMem: 1 Det [G] MD5: EB6C4A6871F8A58D036B9EC4457083E7 PX5: 7B62579E002E6C3EE6E000BF48CB9A0076B673B0
C:\WINDOWS\System32\wshisn.dll InMem: 1 Det [G] MD5: 416F800C146FA798AB05CEAE9C90A405 PX5: B481EE54006093D42E63005B77A90C00E561DB40
C:\WINDOWS\system32\WSOCK32.dll InMem: 1 Det [G] MD5: 6199509CF2813B01BE6A25CA6669CCC9 PX5: 3B6A55C0007169C962BA0016E7C89B007392F5D5
C:\WINDOWS\System32\winrnr.dll InMem: 1 Det [G] MD5: 04E770B68D5FB8767E94F7EDDDC02E96 PX5: 6527FC730063EA7842CB007E553066000903CCBF
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 - LibraryPath [%SystemRoot%\System32\winrnr.dll]
C:\WINDOWS\system32\rasadhlp.dll InMem: 1 Det [G] MD5: 8371B4298101DA53BBE7AA3759299F49 PX5: 57464EA500BD805F2027003B3C2E0700E87E3F12
c:\windows\system32\dhcpcsvc.dll InMem: 1 Det [G] MD5: 06D73FCCEC17F51572400A933FD283F4 PX5: 2A8B6A8C00A73A52B6B70148C2883E00FE64D6A8
c:\windows\system32\wzcsvc.dll InMem: 1 Det [G] MD5: 8E72C5DC5BCCE92DE976F4E1BC224FF2 PX5: 77424EEF00D9452A3E2E07AA32776600CE7088C3
c:\windows\system32\rtutils.dll InMem: 1 Det [G] MD5: 4EB5BD40EFB5D9FD3DE2AE8F3E129227 PX5: BD3199F900ED4B60AC0500E6313D640054752DA1
c:\windows\system32\WMI.dll InMem: 1 Det [G] MD5: 1B808DA51599601B220A884E7B94EC2C PX5: 3713293500ADB92A16F0006A26ACBD0009A02966
c:\windows\system32\ESENT.dll InMem: 1 Det [G] MD5: E9F13445B4E5721353CDF019AD3492BA PX5: AAFE6E7800365389C0B3106E9B15A80031A8649C
C:\WINDOWS\System32\rastls.dll InMem: 1 Det [G] MD5: 6D12B8AF4707759B034E77C69AE0355D PX5: C43258EC00D403D9BA8C010C32391300507BC8C6
C:\WINDOWS\system32\CRYPTUI.dll InMem: 1 Det [G] MD5: 5C4AF53946808CABA0966F51D195A463 PX5: 2815737400AE4A3D184A08D11C3A2000DD5B27AA
C:\WINDOWS\System32\MPRAPI.dll InMem: 1 Det [G] MD5: 06DD77A9887C4A2A58CAF5A1714CC242 PX5: 784C08ED00C8D1AD542501D1AF74380090D76FC5
C:\WINDOWS\System32\RASAPI32.dll InMem: 1 Det [G] MD5: 8B6FBBE7594298F2C95835DCC2A8BE49 PX5: 182D9892000556B09E4F03BB98EAFC000BD1A1B3
C:\WINDOWS\System32\rasman.dll InMem: 1 Det [G] MD5: 1EDB560789A42B12C7A8684F92BC4B36 PX5: 9B79EF9B00BF4728F020008BC3858D00D914C147
C:\WINDOWS\System32\TAPI32.dll InMem: 1 Det [G] MD5: C358EC0D5B54B69B10D500F1FD6F3A37 PX5: 17536ADF00CF9005C68102ED9115D700F4C52784
C:\WINDOWS\System32\raschap.dll InMem: 1 Det [G] MD5: 0FB487738BBF73F8BD426DE1A87F9165 PX5: 2DBEB4990036DB5110AD0101366D2200076C88E4
c:\windows\system32\schedsvc.dll InMem: 1 Det [G] MD5: 4612EC6DAF695B87A2529FCBB95B75DE PX5: 2E00EC0700DD8AFBF2520231E32CC200A2B0BCBE
C:\WINDOWS\System32\MSIDLE.DLL InMem: 1 Det [G] MD5: 7AD27F3A996F8E8B24C6CE717AA6D9D3 PX5: F37031A100AC40621AA700A1A1AB360092D69C21
c:\windows\system32\audiosrv.dll InMem: 1 Det [G] MD5: 32957B7B46CBE2066C47FEBC7E56050E PX5: BF4F15DD00BE12ACA6F7002C95BB7D00A63578DA
c:\windows\system32\wkssvc.dll InMem: 1 Det [G] MD5: 2616EC8860C34901F70DC9262C46F876 PX5: 177F22300046F11A043302A7E36C6A007EC917EC
c:\windows\system32\qmgr.dll InMem: 1 Det [G] MD5: 87424817F82CF6A7F55DAC01A20111A3 PX5: 903F5DE800B0AB39D6E105CB97200B005ABD3F8B
c:\windows\system32\WINHTTP.dll InMem: 1 Det [G] MD5: 42B787EEDB02E8E962757D8DBD711D7D PX5: CD3CC2110020E7505C5E0541AC098F0020B93F9D
c:\windows\system32\cryptsvc.dll InMem: 1 Det [G] MD5: BDDF3723D95DC28D78B1E93119E0E6AB PX5: 0F6C7D1100D3B6C2EC3A0054BD920A004658D25C
c:\windows\system32\certcli.dll InMem: 1 Det [G] MD5: B71340505843F27EB49128483315C73F PX5: 4B6879A10093DDFE0EB503D241D22A00011BA967
c:\windows\system32\dmserver.dll InMem: 1 Det [G] MD5: 316C1BAB74CA10613AB2DA46A2EF3E47 PX5: 2FE35203005DF86160D100169935A800336F94B1
c:\windows\system32\ersvc.dll InMem: 1 Det [G] MD5: BE3CE05230890E1BAF8F0DD09D7A00FE PX5: EE932D8F004E94EF5AF1004F7A941E0027A15BB1
c:\windows\system32\es.dll InMem: 1 Det [G] MD5: D9CDB9380E0EFC9E97CC589B5F484B94 PX5: 145179BB005365DFB69A038CB5F30F003250662A
c:\windows\pchealth\helpctr\binaries\pchsvc.dll InMem: 1 Det [G] MD5: F8881957E5FD648F35998F518AF0B0AF PX5: 0980322500AE62C298D30091BAF1FF00C0CAC844
c:\windows\system32\hidserv.dll InMem: 1 Det [G] MD5: 007B1DA566D0AE7B8169FDE4DC618B70 PX5: EC0D9F4E0062C14C548000A454262C0051E8E666
c:\windows\system32\HID.DLL InMem: 1 Det [G] MD5: B91D96589B6B5F3E20A6175D0F948309 PX5: 1D6BAA4F004F12875256008FA9589E00FFB7946E
c:\windows\system32\srvsvc.dll InMem: 1 Det [G] MD5: AA3959A0E05E7390BFA2FD5BF0E0D2FD PX5: D56A49480006049C7A0401CCDC9ED40059842649
C:\WINDOWS\system32\comsvcs.dll InMem: 1 Det [G] MD5: 364A924611410ECDE8D3181171F978F6 PX5: 6AAF8E5A0014C6E4564113F649CD620004CEC644
C:\WINDOWS\system32\colbact.DLL InMem: 1 Det [G] MD5: 5850F5F59275C26F8D13479F26CF669B PX5: 8C9B4BA0001327DFEC290017888860002F915174
C:\WINDOWS\system32\MTXCLU.DLL InMem: 1 Det [G] MD5: 6D6DCBBB0D0DF2746BF562FAA91E11DC PX5: 309CC65E0002B67104C6013AAAD8C500D9A81996
C:\WINDOWS\System32\CLUSAPI.DLL InMem: 1 Det [G] MD5: 91E9D08BBDCEEF729B654D81398FF392 PX5: CCE8F13200227478E29F0094B2ED5200FE41CCAD
C:\WINDOWS\System32\RESUTILS.DLL InMem: 1 Det [G] MD5: 727E95FE973B875F66E493E224800981 PX5: 4322C377003461ABE67C0041ABC6A3000B572825
c:\windows\system32\netman.dll InMem: 1 Det [G] MD5: 0D55724D88488BBFC53BC2EA219240F3 PX5: 65612A5600E1886F042503516394BA008F33C035
c:\windows\system32\netshell.dll InMem: 1 Det [G] MD5: D2BB8BD33EC3D0A040D9C88C5475BE9B PX5: 619B823A00CEC2F644E11AB3A08E1B00C0C639A3
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\InprocServer32 - {7007ACC7-3202-11D1-AAD2-00805FC1270E} [C:\WINDOWS\system32\NETSHELL.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{992CFFA0-F557-101A-88EC-00DD010CCC48}\InprocServer32 - {992CFFA0-F557-101A-88EC-00DD010CCC48} [C:\WINDOWS\system32\NETSHELL.dll]
c:\windows\system32\credui.dll InMem: 1 Det [G] MD5: 6114AF0BA253E155A1404C8C4582F16F PX5: C4D76D63003D3A0B882302AD57C49400D347C957
c:\windows\system32\WZCSAPI.DLL InMem: 1 Det [G] MD5: 73FBD4245713C4E9984692A4A208A975 PX5: 407B652E00C34A0FCE650097CA44B5003AADB23D
c:\windows\system32\seclogon.dll InMem: 1 Det [G] MD5: 775A33A1DF28B4A98EEEE5DA2CDB12D9 PX5: DD337BC4000655CF4AC00095E088660006448C66
c:\windows\system32\sens.dll InMem: 1 Det [G] MD5: 50F6F8E01AD2AF261AF86A3077B6FB6C PX5: 3E1917E600F70CEF98C700E804E22800288CF677
c:\windows\system32\srsvc.dll InMem: 1 Det [G] MD5: 6469C53F4D16FA6055CCA265BC03DB66 PX5: A32C6531003A0D949C21026453D85E00EE4D7ADB
C:\WINDOWS\system32\upnp.dll InMem: 1 Det [G] MD5: EDDB6936597C493C6F0853BE32D9CDDB PX5: BAF08146008F09AB062A02A5AD4327005D82D8A5
C:\WINDOWS\system32\SSDPAPI.dll InMem: 1 Det [G] MD5: B3E9FDD620B82B554FB71BEBFF64F0A8 PX5: 273FD9B800009883884C001796C232000620D03E
c:\windows\system32\tapisrv.dll InMem: 1 Det [G] MD5: 720DA0C9DB8996AD9B7F5164B2242DAA PX5: A89BE4F3004B369ECE8A037A5B82F800DA5C09A5
c:\windows\system32\trkwks.dll InMem: 1 Det [G] MD5: AD69CBD0BE5073F52E92737579B79A67 PX5: 209712CF002D1BB4627C01E05E7F6900CA14F0A8
c:\windows\system32\wbem\wmisvc.dll InMem: 1 Det [G] MD5: 06156F20B90C6866D724D9EE6792044D PX5: 8F1598160022B10938A0024B1D52BF00029B0F16
C:\WINDOWS\system32\VSSAPI.DLL InMem: 1 Det [G] MD5: A5174DA1F24CB90B1F39A29F2222D66C PX5: 96C70570005C9AFF922B0614A4965300681212FE
c:\windows\system32\wuauserv.dll InMem: 1 Det [G] MD5: 57FE69B6648E73559552779820FA0827 PX5: 24FDCE1B00695A911ADC00068A66AC00BF883BB1
C:\WINDOWS\system32\wuaueng.dll InMem: 1 Det [G] MD5: 3EEC20E41F5F331B94002970CEAEC92F PX5: 26C07DF358FF2BE623151A8BD3FD64005FC70733
C:\WINDOWS\System32\Cabinet.dll InMem: 1 Det [G] MD5: ED80D1F10A582E38FE6CC8EEBEA38C86 PX5: A124A77E0063AC54EA3900FB614F460093212A12
C:\WINDOWS\System32\mspatcha.dll InMem: 1 Det [G] MD5: F9B4D720E6ED550923D940BF6FAC9DEA PX5: F4E4CDB100BC3E3776C500C6E3160600151B18E8
c:\windows\system32\browser.dll InMem: 1 Det [G] MD5: CE9DC7CC6D75515EE62CA341473EC5F3 PX5: BD36676B00388A072E1B014E59026900F3A95058
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - [Browser Customizations]
c:\windows\system32\ipnathlp.dll InMem: 1 Det [G] MD5: 24A66112B3428C237B23EFE70D2CF54D PX5: B0D93CC5003DA95E142205C6A5B0EA001F3C166F
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\AUTODHCP - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\DNSPROXY - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\FTP - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\H323 - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\IPNAT - DllName [ipnathlp.dll]
c:\windows\system32\wscsvc.dll InMem: 1 Det [G] MD5: F4827282722D8EDBE542E2A1CE1678EE PX5: B3ABA0C400D7157D3E74014F780C130071309CC1
c:\windows\system32\6to4svc.dll InMem: 1 Det [G] MD5: CE24896911C4CBECE83B3FE403AEDBE8 PX5: 24C0F0FD005C4613884C01B3B87006004A88C9F0
C:\WINDOWS\System32\Wbem\wbemcore.dll InMem: 1 Det [G] MD5: 5AE16C292B3AB95E8C4A247152BB66D4 PX5: 04182E6900B6E6FE1A7208BB5C5BBB00F8BE4242
C:\WINDOWS\System32\Wbem\esscli.dll InMem: 1 Det [G] MD5: B35908BE7B63CFB907270F04CB051852 PX5: CEC33FA1009C0B2FC86903619F45EE00C83647B1
C:\WINDOWS\system32\wbem\wmiutils.dll InMem: 1 Det [G] MD5: 2754EF1A095CD2F738902C2B18DB74F5 PX5: F3064E020059F91D840401173C8A0200D2D96DD6
C:\WINDOWS\system32\wbem\repdrvfs.dll InMem: 1 Det [G] MD5: 6B5541ED13D60097AE581DD5725DF17B PX5: 158EE4C000CC1B48B489027C6774AC00B759C453
C:\WINDOWS\system32\wbem\wmiprvsd.dll InMem: 1 Det [G] MD5: D85C674375E5FA2CF87B44BB4EE80C38 PX5: 3D1CC7030063CA75AC4306BE6A9276004BBD29C8
C:\WINDOWS\system32\wbem\wbemess.dll InMem: 1 Det [G] MD5: 6419F9F45E7FFE0D4571EC588ACB7A4F PX5: F3E6A3E400CCC6EB2E5C047266EB8F002E547FD7
C:\WINDOWS\system32\msxml3.dll InMem: 1 Det [G] MD5: 45F6405C1C94C6CC57DB4BB68C49A79F PX5: 5C15904A003766BDDCAF1097FC8015005F4D14CE
C:\WINDOWS\system32\wbem\ncprov.dll InMem: 1 Det [G] MD5: 52A4A534DB25F18E6308BC629FF83209 PX5: AF1EE54000C7488BB80700329BDAD700434C107F
C:\WINDOWS\system32\netcfgx.dll InMem: 1 Det [G] MD5: 9F4778214FAE6A22CF38CD89683BED26 PX5: 1860ABA9006614E4ACF20983D0160A0075CF1A43
C:\WINDOWS\System32\rasmans.dll InMem: 1 Det [G] MD5: 1C22FCFF92DCDAA0E186AC159BB66720 PX5: 6AC5343500B63A4FC49802B36302950017ED0971
C:\WINDOWS\System32\rastapi.dll InMem: 1 Det [G] MD5: 5A017FD25B90C9A26AE7395CEB19FF97 PX5: 0020436F0070D10EE69000CD687DD9009F59AC43
C:\WINDOWS\System32\unimdm.tsp InMem: 1 Det [G] MD5: DB227250DF8E630B87E9D6B0D1CB7C1F PX5: 1DE9628000065E2B2C8E03E476327F00418CC93C
C:\WINDOWS\System32\uniplat.dll InMem: 1 Det [G] MD5: 028CBF931B3038E14BBE83569F93A1BF PX5: 5942125800CB6391368C00FC8F08220068264DA5
C:\WINDOWS\System32\unimdmat.dll InMem: 1 Det [G] MD5: C2B66EB6D443C75A9F3678BAEA07D9F0 PX5: C1DB2F4500797F2234F1014F37FD96002FB73F14
C:\WINDOWS\system32\modemui.dll InMem: 1 Det [G] MD5: 328CE0A4C863BAA2FC521F4F1C130BBD PX5: 3D6E7D8D007BC010625A0206BCFF4200D95047F6
C:\WINDOWS\System32\kmddsp.tsp InMem: 1 Det [G] MD5: 09A2CED0FD97F6E448DEFA101D4EEB51 PX5: 5F2B8014004399D482D000302580DE00D83185D7
C:\WINDOWS\System32\ndptsp.tsp InMem: 1 Det [G] MD5: 6DCABD4A447BA7DCC05CAA3EB9240072 PX5: A641251E00A69BA8E00D006452546A000F52AE97
C:\WINDOWS\System32\ipconf.tsp InMem: 1 Det [G] MD5: 49E09F80D5C3B617759DA19DF7E05FBB PX5: 1E42C30C007114304462003503137600A7253B2D
C:\WINDOWS\System32\h323.tsp InMem: 1 Det [G] MD5: 3AA0014FBF0703E08AD5C2CB3EC4DD5C PX5: AB6A8C1300321DA712AE0472C6A9AB0034012393
C:\WINDOWS\System32\hidphone.tsp InMem: 1 Det [G] MD5: C1ED94FD2DBC15AC38687E167C799E28 PX5: E81862EF006F43C276370029475D7A0054947785
C:\WINDOWS\System32\rasppp.dll InMem: 1 Det [G] MD5: 94A22566E3B749755C5C096A260AB1C7 PX5: 4E2767C400D2DD76266D03639E9D2B00ABEA7790
C:\WINDOWS\System32\ntlsapi.dll InMem: 1 Det [G] MD5: 91C384C678048AB8CF1B9F8B69026F73 PX5: 8D3A8A14006C52E520B8003B3C2E0700CDD544BE
C:\WINDOWS\System32\ipxwan.dll InMem: 1 Det [G] MD5: A53E960E0E4DBC1F97567769BEEB89C7 PX5: 7945FADD00747F0852C900768CDB5B003B613838
C:\WINDOWS\System32\adptif.dll InMem: 1 Det [G] MD5: 61F8EAE589C1BD2C80190F751D78E483 PX5: ACCF228500FD10E6661C009BF8D50B0043C50822
C:\WINDOWS\System32\RASDLG.dll InMem: 1 Det [G] MD5: 5495784F4CA2A583B415508A9A521F3C PX5: 060F13C6004DBB2C742E0A1E73531B0069D08AE8
C:\WINDOWS\system32\advpack.dll InMem: 1 Det [G] MD5: 1FBD198D87FF352A6072970C65C5512F PX5: D123898C00090E59E8F80149F870D8002FD5EDE3
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\KB910393 - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDB]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmt]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.i]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.]
C:\WINDOWS\System32\NETRAP.dll InMem: 1 Det [G] MD5: 1E15540F7A2E0D1CFA361312D363D16F PX5: 1710934000931208302A0038A8AAAE005D558E34
c:\windows\system32\wudfsvc.dll InMem: 1 Det [G] MD5: 05231C04253C5BC30B26CBAAE680ED89 PX5: 4F5BFC0200221476DA8A0019D0184C00F499481E
c:\windows\system32\WUDFPlatform.dll InMem: 1 Det [G] MD5: 5CAF91E865FE0C85048A233E594544D2 PX5: 5C735F2900597AFA86ED021F9440FD00675FCD07
c:\windows\system32\dnsrslvr.dll InMem: 1 Det [G] MD5: 8D4D8D797CDE07A7EC53C8992BF3E95F PX5: 9DDE926C00E03AFDB2BF00F17284B300085BA23E
c:\windows\system32\lmhsvc.dll InMem: 1 Det [G] MD5: FE6C55D366D48F04DF9318605D6ED5A7 PX5: E3F52F6500CE6C74361800C0FD277E00F48E7FF0
c:\windows\system32\webclnt.dll InMem: 1 Det [G] MD5: F0D5D252E806AD366BFBDEC81324E8F7 PX5: 979EC6FF00CF02480A2201325A4A3B00A8233532
c:\windows\system32\regsvc.dll InMem: 1 Det [G] MD5: 345D02087F5696749C6120359B1E2988 PX5: 78F250650060145DEAA100718A63A80086B8673A
c:\windows\system32\upnphost.dll InMem: 1 Det [G] MD5: 96B3C690ED82E36E04C130F916E3AE91 PX5: 1085B9960092D48CD434029E660ABA008AF7C8AE
C:\WINDOWS\system32\httpapi.dll InMem: 1 Det [G] MD5: 57A4EDB1A8CECABA4AFE134524F788A4 PX5: B345A916001CDBB96005001D382A2F00308247CB
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe InMem: 1 Det [G] MD5: 591E7CDF35DE74D55CD462A13FBADE5E PX5: 8AD958EB785ADD3943F400FB02206800298E955A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aswUpdSv - ImagePath [C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]
C:\Program Files\Alwil Software\Avast4\aswCmnS.dll InMem: 1 Det [G] MD5: D9ED0B587AF1AE64D87AB5BF174DEB81 PX5: F90218080001EE9BD08F02D0823059002727BE9C
C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll InMem: 1 Det [G] MD5: 1A50225EA9577508BC789A12AADACB89 PX5: AE6487BD0028C29D102201E6D351CA0021216890
C:\WINDOWS\system32\MSVCP71.dll InMem: 1 Det [G] MD5: 561FA2ABB31DFA8FAB762145F81667C2 PX5: F133D4F000B92F08A0E107FD67B66E0015498C05
C:\WINDOWS\system32\MSVCR71.dll InMem: 1 Det [G] MD5: 86F1895AE8C5E8B17D99ECE768A70732 PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7
C:\Program Files\Alwil Software\Avast4\aswCmnB.dll InMem: 1 Det [G] MD5: F047A09D95FC42547CBBDFF23FF1D526 PX5: B7A8C421009ACBE80039028E4CB1B200D219C597
C:\Program Files\Alwil Software\Avast4\ashServ.exe InMem: 1 Det [G] MD5: DBBB6E20EC8C38902C4935B249AEBE2A PX5: A27380CF78912FEB25F102DF2AF60C00B17DFE91
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\avast! Antivirus - ImagePath [C:\Program Files\Alwil Software\Avast4\ashServ.exe]
C:\Program Files\Alwil Software\Avast4\aswAux.dll InMem: 1 Det [G] MD5: 840CC7844ABA98D3D0CF266FA64AAE99 PX5: 686F0808003E43CC10180A167C18F5008A092111
C:\Program Files\Alwil Software\Avast4\aswEngin.dll InMem: 1 Det [G] MD5: F70AF2858628562D72E16AFF9E307684 PX5: A8C365A500F638FC60F512412D469000B28EAA12
C:\Program Files\Alwil Software\Avast4\aswScan.dll InMem: 1 Det [G] MD5: E2A28739A2D3B35CA623E8F2214844FE PX5: 1B501FD7005ACFBF40A1017AB860050036CD2389
C:\Program Files\Alwil Software\Avast4\ashBase.dll InMem: 1 Det [G] MD5: 8D33EFA05506AE18F52D258C02CEDA66 PX5: 60368A01001B913B60C303E48CC7F5001281502D
C:\Program Files\Alwil Software\Avast4\ashTask.dll InMem: 1 Det [G] MD5: B96EBF36421374240BDBC0C06C71C6D9 PX5: FD50F68700A903FDB0FF0101CBDE8F008D056B7E
C:\Program Files\Alwil Software\Avast4\aswInteg.dll InMem: 1 Det [G] MD5: FC39131ADBB918668FCF6A93402B2980 PX5: 9BF5020500297F4C58E000440B621E007BBBEB36
C:\Program Files\Alwil Software\Avast4\aswIdle.dll InMem: 1 Det [G] MD5: 99CA6EFA8AB9E0F3D9927558C8BBC88A PX5: C178E3E7007088E0122A00761D831A00EDAFDE1B
C:\Program Files\Alwil Software\Avast4\Aavm4h.dll InMem: 1 Det [G] MD5: 4C6DD72422422849E50160D9D9347EB9 PX5: 22E57E76009822FB40AB032FA5E04000E29CDC7E
C:\WINDOWS\system32\dbghelp.dll InMem: 1 Det [G] MD5: 87B15790B5B6C5877909BE43A501E486 PX5: 135DAE64001EB9D6C4D309C862841400BFE2B428
C:\Program Files\Alwil Software\Avast4\French\Base.dll InMem: 1 Det [G] MD5: 0FA611C1A3E5B026409A01F8E64545DC PX5: A084E90E00C2538380CA0169FDFDD7000CD7C1AC
C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL InMem: 1 Det [G] MD5: A07CCC76AE1D3C6B9ED3D409C0536CF9 PX5: BED43CC2000DBDF528AD013620FE49004D1D27B9
C:\Program Files\Alwil Software\Avast4\AhResMai.dll InMem: 1 Det [G] MD5: 5BF1DE3A25B0C0E3C5773D7C2A88963E PX5: EA12E570009EFD7C8C0100FABBF9D2006383931A
C:\Program Files\Alwil Software\Avast4\ahResMes.dll InMem: 1 Det [G] MD5: 43FBA519704AA992874D4F8CB6F8ED8D PX5: 368BEE15005180E1807900BCFA862500126D1CCB
C:\Program Files\Alwil Software\Avast4\AhResNS.dll InMem: 1 Det [G] MD5: CB9572FF2951DC9FFF94606D0BBFFCBD PX5: 10AA42BB0051A2FF7C2100181FCC0400B3B8DDA9
C:\Program Files\Alwil Software\Avast4\AhResOut.dll InMem: 1 Det [G] MD5: 132A4F3B54ECB85933FDFAEB9C69E7CE PX5: B151518B001811F974F100BF7CACC100D34691E1
C:\Program Files\Alwil Software\Avast4\ahResP2P.dll InMem: 1 Det [G] MD5: 5AD07CF94490BAF4B8BD661D4D0E7BA0 PX5: A82A2C3A00DBD609808D009F41F91800FA08E38A
C:\Program Files\Alwil Software\Avast4\AhResStd.dll InMem: 1 Det [G] MD5: 11EE65D559B42B5A296685AA885FD934 PX5: 92FFB32E003E13F2A8270005B9EB3800961B43EE
C:\Program Files\Alwil Software\Avast4\AhResWS.dll InMem: 1 Det [G] MD5: EFA495AA40BB66C4B37C472DFBC9E68F PX5: AB08B440004B4F0FD061002DDDE82A00C6EC59F0
C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll InMem: 1 Det [G] MD5: 99B482577133F625027A4130B15F12CD PX5: 2A6E6F5700E14735904D03785E2A7C006E00EDC0
C:\WINDOWS\system32\perfos.dll InMem: 1 Det [G] MD5: 9619B5D1C9A8BD4E94D544AEA564F03F PX5: DAB242EF00187F96688C00E365D44E002255B4A9
C:\WINDOWS\Explorer.EXE InMem: 1 Det [G] MD5: D0288319660EDCFED07C7E74C4EA38A5 PX5: 5F224AD100F73BC6D4BA0FDC56B8E4005F26894E
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - Shell [Explorer.exe]
C:\WINDOWS\system32\BROWSEUI.dll InMem: 1 Det [G] MD5: D08E13172DD5D80E780C326EAED05DCA PX5: 819BF3ED005178C89EE90F9646A2670016FD1ED4
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837}\InprocServer32 - {5E6AB780-7743-11CF-A12B-00AA004AE837} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{22BF0C20-6DA7-11D0-B373-00A0C9034938}\InprocServer32 - {22BF0C20-6DA7-11D0-B373-00A0C9034938} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\
0
twister2 Posts 218 Registration date Friday 22 February 2008 Status Member Last activity 13 October 2017 43
9 March 2008 at 05:21
Hi ludo2433


DOWNLOAD: VundoFix

http://www.clubic.com/telecharger-fiche25107-vundofix.html

Double-click VundoFix.exe to launch it.
Tick Run VundoFix as a task.
A message will warn you that the tool is going to close and reopen: click Ok.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
A prompt will announce that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.

Your desktop wallpaper may "disappear".
See you, twister2
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
9 March 2008 at 14:27
It's crazy, I installed VundoFix and it tells me it finds nothing, whereas Prevx CSI gives me the report above and the Trojan Vundo infections. Over to you, thanks for your help.
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
11 March 2008 at 18:59
Hi again, can someone help me and my friend, who are both infected by I don't know which viruses!!!!!!


Thanks a lot
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
11 March 2008 at 19:22
We have the impression that all, or nearly all, of the registry keys have disappeared??????
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
11 March 2008 at 19:24
here you go guigui

Download: - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
("Download Latest Version", on the right).
This program will let you delete all temporary files. Before clicking the "install" button, untick all the "additional options". Then click "Options", "Advanced" and untick the box "Only delete files in the Windows Temp folder older than 48 hours". After that, leave it with its default settings
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
11 March 2008 at 19:27
Download ComboFix (created by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start in safe mode


# Double-click combofix.exe.
# Press the Y (Yes) key to start the scan.
# When the scan is complete, a report will appear. Copy/paste this report into your next reply

NOTE: The report can also be found here: C:\Combofix.txt
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
11 March 2008 at 19:45
...
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
11 March 2008 at 19:52
also download
AVG Antivirus Gratuit v.7.5 Free edition

then uninstall avast completely, restart and install avg
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
11 March 2008 at 20:53
...
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
12 March 2008 at 18:18
hello again, nobody to help us...!!!!!!!
0
Anonymous user
12 March 2008 at 18:32
Hi ...

Download VundoFix here -> http://www.atribune.org/ccount/click.php?id=4

run Vundofix.exe
Tick the Run VundoFix as a task box,
A pop-up will open, answer ok
It will close and reopen after about 1 minute.
When it has reopened, click Scan for Vundo
When the scan is finished, click Remove Vundo
Answer Yes to the request to delete the files.
You will be asked to restart your computer; accept, of course.
Paste the report located at "c:\vundofix.txt" into your reply

**********************************************************

Download VirtumondoBegone:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Restart in safe mode and run it,
And post me the report.


Please don't interpret the reports on your own; post them to me even if you think you know what's going on.
+++
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
12 March 2008 at 18:41
hi cyril, I'm a friend of the person who is infected, who should be here within 30 min; once he's on, he will post you the reports requested.


thanks for the help you'll be giving him. see you shortly
0
Anonymous user
12 March 2008 at 18:42
Ok no problem

++
0
guiguicharagiste24
12 March 2008 at 19:27
here I am, here's the problem: English and computing, two languages I don't handle too well!
thanks again....



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:19, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\NettoyeurDePC\stm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MalwareAlarm\pv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: HPF0A5DD HP0019BBF0A5DD
O2 - BHO: (no name) - {027C7642-8667-4BB3-8896-EC3A5D07DC7D} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {829e8cd4-c636-ceba-7a04-eb3e8b06cf78} - {87fc60b8-e3be-40a7-abec-636c4dc8e928} - C:\WINDOWS\system32\tnekekgo.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll (file missing)
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\ssqqoll.dll (file missing)
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bm(1)] "C:\Program Files\Fichiers communs\VirusEffaceur\bm.exe" dm=http://viruseffaceur.com ad=http://viruseffaceur.com sd=http://gregistre.viruseffaceur.com
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\NettoyeurDePC\stm.exe" dm=http://nettoyeurdepc.com ad=http://nettoyeurdepc.com sd=http://paylogs.nettoyeurdepc.com
O4 - HKLM\..\Run: [98892c0b] rundll32.exe "C:\WINDOWS\system32\tuhcwrqm.dll",b
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [BM9bba1f97] Rundll32.exe "C:\WINDOWS\system32\hjkywcyh.dll",s
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://charack24.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: ssqqoll - ssqqoll.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
12 March 2008 at 19:48
ok, I should warn you that my friend has xp media center; otherwise, does the scan take long with vundofix?

ps he has games and applications that don't work or only half work, I think it's due to registry keys that have disappeared.
perhaps because of regcleaner!

over to you
0
Anonymous user
12 March 2008 at 19:49
I should warn you that my friend has xp media center
So what?

Meh, that's still manageable.
Anyway we have to do Vundofix + Virtumondobegone

+++
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
12 March 2008 at 20:03
hi, my friend tells me he has 2 .dll files listed and ticked in a window in vundofix and that nothing else can be done; I checked by webcam and it's true, so I told him to rerun the scan,

over to you
0
Anonymous user
12 March 2008 at 20:04
I WANT the reports.

++
0
guiguicharagiste24
12 March 2008 at 20:11
VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 14:20:32 09/03/2008

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 15:21:19 09/03/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 12:02:05 10/03/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.3

Scan started at 19:41:27 12/03/2008

Listing files found while scanning....

C:\WINDOWS\system32\ssqqoll.dll
C:\WINDOWS\system32\yelveuwn.dll

VundoFix V7.0.3

Scan started at 19:59:31 12/03/2008

Listing files found while scanning....

C:\WINDOWS\system32\ssqqoll.dll
C:\WINDOWS\system32\yelveuwn.dll
0
ludo2433 Posts 331 Registration date Wednesday 25 April 2007 Status Member Last activity 6 May 2018 61
12 March 2008 at 20:12
can you explain to us????thanks
0
guiguicharagiste24
12 March 2008 at 20:38
[03/12/2008, 20:24:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\GUILLAUME\Bureau\VirtumundoBeGone.exe" )
[03/12/2008, 20:24:59] - Detected System Information:
[03/12/2008, 20:24:59] - Windows Version: 5.1.2600, Service Pack 2
[03/12/2008, 20:24:59] - Current Username: GUILLAUME (Admin)
[03/12/2008, 20:24:59] - Windows is in SAFE mode with Networking.
[03/12/2008, 20:24:59] - Searching for Browser Helper Objects:
[03/12/2008, 20:24:59] - BHO 1: {027C7642-8667-4BB3-8896-EC3A5D07DC7D} ()
[03/12/2008, 20:25:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 20:25:00] - Checking for HKLM\...\Winlogon\Notify\jkkji
[03/12/2008, 20:25:00] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[03/12/2008, 20:25:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/12/2008, 20:25:00] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/12/2008, 20:25:00] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/12/2008, 20:25:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 20:25:00] - No filename found. Continuing.
[03/12/2008, 20:25:00] - BHO 5: {87fc60b8-e3be-40a7-abec-636c4dc8e928} ()
[03/12/2008, 20:25:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 20:25:00] - Checking for HKLM\...\Winlogon\Notify\tnekekgo
[03/12/2008, 20:25:00] - Key not found: HKLM\...\Winlogon\Notify\tnekekgo, continuing.
[03/12/2008, 20:25:00] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[03/12/2008, 20:25:00] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/12/2008, 20:25:00] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/12/2008, 20:25:00] - BHO 9: {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} (UrlHelper Class)
[03/12/2008, 20:25:00] - BHO 10: {D85530E8-D39D-49D0-9F36-300D594556D2} ()
[03/12/2008, 20:25:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 20:25:00] - Checking for HKLM\...\Winlogon\Notify\ssqqoll
[03/12/2008, 20:25:00] - Found: HKLM\...\Winlogon\Notify\ssqqoll - This is probably Virtumundo.
[03/12/2008, 20:25:00] - Assigning {D85530E8-D39D-49D0-9F36-300D594556D2} MSEvents Object
[03/12/2008, 20:25:00] - BHO list has been changed! Starting over...
[03/12/2008, 20:25:00] - BHO 1: {027C7642-8667-4BB3-8896-EC3A5D07DC7D} ()
[03/12/2008, 20:25:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 20:25:00] - Checking for HKLM\...\Winlogon\Notify\jkkji
[03/12/2008, 20:25:00] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[03/12/2008, 20:25:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/12/2008, 20:25:00] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/12/2008, 20:25:00] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/12/2008, 20:25:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 20:25:00] - No filename found. Continuing.
[03/12/2008, 20:25:00] - BHO 5: {87fc60b8-e3be-40a7-abec-636c4dc8e928} ()
[03/12/2008, 20:25:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 20:25:00] - Checking for HKLM\...\Winlogon\Notify\tnekekgo
[03/12/2008, 20:25:00] - Key not found: HKLM\...\Winlogon\Notify\tnekekgo, continuing.
[03/12/2008, 20:25:00] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[03/12/2008, 20:25:00] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/12/2008, 20:25:00] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/12/2008, 20:25:00] - BHO 9: {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} (UrlHelper Class)
[03/12/2008, 20:25:00] - BHO 10: {D85530E8-D39D-49D0-9F36-300D594556D2} (MSEvents Object)
[03/12/2008, 20:25:00] - ALERT: Found MSEvents Object!
[03/12/2008, 20:25:00] - Finished Searching Browser Helper Objects
[03/12/2008, 20:25:00] - *** Detected MSEvents Object
[03/12/2008, 20:25:00] - Trying to remove MSEvents Object...
[03/12/2008, 20:25:01] - Terminating Process: IEXPLORE.EXE
[03/12/2008, 20:25:01] - Terminating Process: RUNDLL32.EXE
[03/12/2008, 20:25:01] - Disabling Automatic Shell Restart
[03/12/2008, 20:25:01] - Terminating Process: EXPLORER.EXE
[03/12/2008, 20:25:02] - Suspending the NT Session Manager System Service
[03/12/2008, 20:25:02] - Terminating Windows NT Logon/Logoff Manager
[03/12/2008, 20:25:02] - Re-enabling Automatic Shell Restart
[03/12/2008, 20:25:02] - File to disable: C:\WINDOWS\system32\ssqqoll.dll
[03/12/2008, 20:25:02] - Removing HKLM\...\Browser Helper Objects\{D85530E8-D39D-49D0-9F36-300D594556D2}
[03/12/2008, 20:25:02] - Removing HKCR\CLSID\{D85530E8-D39D-49D0-9F36-300D594556D2}
[03/12/2008, 20:25:02] - Adding Kill Bit for ActiveX for GUID: {D85530E8-D39D-49D0-9F36-300D594556D2}
[03/12/2008, 20:25:02] - Deleting ATLEvents/MSEvents Registry entries
[03/12/2008, 20:25:02] - Removing HKLM\...\Winlogon\Notify\ssqqoll
[03/12/2008, 20:25:02] - Searching for Browser Helper Objects:
[03/12/2008, 20:25:02] - BHO 1: {027C7642-8667-4BB3-8896-EC3A5D07DC7D} ()
[03/12/2008, 20:25:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 20:25:02] - Checking for HKLM\...\Winlogon\Notify\jkkji
[03/12/2008, 20:25:02] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[03/12/2008, 20:25:02] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/12/2008, 20:25:02] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/12/2008, 20:25:02] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/12/2008, 20:25:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 20:25:02] - No filename found. Continuing.
[03/12/2008, 20:25:02] - BHO 5: {87fc60b8-e3be-40a7-abec-636c4dc8e928} ()
[03/12/2008, 20:25:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 20:25:02] - Checking for HKLM\...\Winlogon\Notify\tnekekgo
[03/12/2008, 20:25:02] - Key not found: HKLM\...\Winlogon\Notify\tnekekgo, continuing.
[03/12/2008, 20:25:02] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[03/12/2008, 20:25:02] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/12/2008, 20:25:02] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/12/2008, 20:25:02] - BHO 9: {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} (UrlHelper Class)
[03/12/2008, 20:25:02] - Finished Searching Browser Helper Objects
[03/12/2008, 20:25:02] - Finishing up...
[03/12/2008, 20:25:02] - A restart is needed.
[03/12/2008, 20:26:11] - Attempting to Restart via STOP error (Blue Screen!)
0
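The check visible in the VirtumundoBeGone log above (a BHO with no default name whose DLL name also appears under Winlogon\Notify) can be reproduced on HijackThis O2/O20 lines. This is an added example, not part of the original thread or of either tool; the function names are hypothetical, and treating a BHO whose display name is itself a GUID as nameless is an assumption.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted earlier in the thread
# (O2 = Browser Helper Object, O20 = Winlogon Notify).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {027C7642-8667-4BB3-8896-EC3A5D07DC7D} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {829e8cd4-c636-ceba-7a04-eb3e8b06cf78} - {87fc60b8-e3be-40a7-abec-636c4dc8e928} - C:\WINDOWS\system32\tnekekgo.dll
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\ssqqoll.dll (file missing)
O20 - Winlogon Notify: ssqqoll - ssqqoll.dll (file missing)
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.*)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.*)$")


def parse(log):
    """Return (list of BHO dicts, {notify key name: dll}) from HijackThis text."""
    bhos, notify = [], {}
    for line in log.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[m["key"].lower()] = m["dll"]
    return bhos, notify


def is_nameless(name):
    # Assumption: a display name that is only a GUID counts as "no name".
    return name == "(no name)" or re.fullmatch(GUID, name) is not None


def dll_stem(path):
    """File name without extension, or None when HijackThis reports no file."""
    path = path.replace(" (file missing)", "").strip()
    if not path or path == "(no file)":
        return None
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def triage(log):
    """For each nameless BHO, report whether a Winlogon Notify key shares its DLL name."""
    bhos, notify = parse(log)
    findings = []
    for bho in bhos:
        if not is_nameless(bho["name"]):
            continue  # named BHOs are skipped, as in the log above
        stem = dll_stem(bho["path"])
        if stem is None:
            verdict = "no filename"
        elif stem in notify:
            verdict = "notify match"  # the case the tool labels "probably Virtumundo"
        else:
            verdict = "no notify key"
        findings.append((bho["clsid"], stem, verdict))
    return findings


if __name__ == "__main__":
    for clsid, stem, verdict in triage(SAMPLE_LOG):
        print(clsid, stem, verdict)
```

A "no notify key" verdict only means this one heuristic did not fire; the entry still needs review by other means.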
guig's24 Posts 12 Registration date Tuesday 11 March 2008 Status Member Last activity 11 January 2009 > guiguicharagiste24
12 March 2008 at 20:47
account activated, username changed
0
Anonymous user
12 March 2008 at 20:16
Report incomplete; CTRL+A to select everything, CTRL+C to copy, CTRL+V to paste it into the forum.

+++
0