Attack virus virtumonde

Closed
pato83 Posts 23 Registration date Monday 10 March 2008 Status Member Last activity 12 November 2009 - 12 March 2008 at 15:45
g!rly Posts 18206 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 - 23 March 2008 at 16:04
Hello,
I can't manage to remove this virus WIN32:delf-hox [trj]. Do I have to reset my PC to zero? I have trouble doing that, so I ran a HijackThis scan anyway and another one with VirtumundoBeGone. It would be kind of you to help me because I can't take it anymore. Thank you very much.
Here they are:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:47, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Eurobarre\eb.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [c0f8cc65] rundll32.exe "C:\WINDOWS\system32\fctcycuj.dll",b
O4 - HKLM\..\Run: [BMc3cbfff9] Rundll32.exe "C:\WINDOWS\system32\msatnsgp.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [prov] prov.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-471990195-2333845299-1059634769-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

40 replies

pato83 Posts 23 Registration date Monday 10 March 2008 Status Member Last activity 12 November 2009
18 March 2008 at 22:23
Here is the result, without it having restarted:




ComboFix 08-03-10.1 - peter 2008-03-16 21:51:37.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1165 [GMT 1:00]
Endroit: G:\ComboFix.exe
Command switches used :: G:\CFScript.txt..txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp
.
/wow section - STAGE 7
/wow section non terminée

((((((((((((((((((((((((((((( Fichiers créés 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.

2008-03-15 12:16 . 2008-03-15 12:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-15 12:10 . 2008-03-15 13:07 <REP> d-------- C:\SDFix
2008-03-10 19:00 . 2008-03-10 18:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 19:00 . 2008-03-10 19:00 2,546 --a------ C:\WINDOWS\unins000.dat
2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 14:05 . 2008-03-15 14:25 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 14:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-16 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 18:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 15:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-10 21:30 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2001-12-19 10:30 174,747 --sha-w C:\WINDOWS\system32\bccdd.ini2
.

((((((((((((((((((((((((((((( snapshot@2008-03-10_16.18.30.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-15 12:05:38 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-03-15 12:05:38 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-15 11:16:25 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-03-15 11:16:25 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-16 14:12:18 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_590.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-28 23:37:11 126136]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2007-09-23 03:03:46 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-11 12:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 20:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-16 14:15:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 21:54:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc21.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc21.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Temps d'accomplissement: 2008-03-16 21:55:48
ComboFix-quarantined-files.txt 2008-03-16 20:55:34
ComboFix2.txt 2008-03-16 12:03:59
ComboFix3.txt 2008-03-14 21:09:00
ComboFix4.txt 2008-03-12 12:12:53
ComboFix5.txt 2008-03-10 17:23:13
.
2008-03-11 20:28:09 --- E O F ---

g!rly Posts 18206 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 407
18 March 2008 at 22:43
re,

* Download OTMoveIt2 (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
* Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program window "Paste Standard List of Files/Folders to Move":

C:\WINDOWS\system32\bccdd.ini2

* Click MoveIt! to start the removal,
* The result will appear in the Results box.
* Click Exit to close the program.
* Post the report, which is located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. If so, click Yes.

and also post a new HijackThis log

See you

pato83 Posts 23 Registration date Monday 10 March 2008 Status Member Last activity 12 November 2009
19 March 2008 at 19:11
Here is the first result




C:\WINDOWS\system32\bccdd.ini2 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03172008_184617







and the HijackThis log:





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:57, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\peter\Bureau\LOGICIEL 2008\emule\eMule.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-471990195-2333845299-1059634769-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
g!rly Posts: 18206 Registered: Friday 17 August 2007 Status: Contributor Last active: 30 November 2014 407
19 March 2008 at 19:48
ok pato83,

download Malwarebytes

-> http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm

Install it; the program will update itself automatically.

Once it is up to date the program will launch. Click the Settings tab and tick the box: Close Internet Explorer during removal.

Now click the Scan tab and tick the box: run a full scan.

Then click Scan.

Let it scan the PC; at the end a report will open. Copy and paste it here please.

See you later
pato83 Posts: 23 Registered: Monday 10 March 2008 Status: Member Last active: 12 November 2009
19 March 2008 at 21:02
here it is:




Malwarebytes' Anti-Malware 1.08
Version de la base de données: 471

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 170057
Temps écoulé: 41 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Ares\tcpip_patcher.sys (Adware.WhenUSave) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\mljhgfe.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143457.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ddccaxy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fccbayw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqponk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayxxxv.dll (Trojan.Vundo) -> No action taken.
g!rly Posts: 18206 Registered: Friday 17 August 2007 Status: Contributor Last active: 30 November 2014 407
19 March 2008 at 21:21
Hi again,

can you run VundoFix again please and post the result here

See you later
pato83 Posts: 23 Registered: Monday 10 March 2008 Status: Member Last active: 12 November 2009
19 March 2008 at 21:22
afterwards I ran the removal and here is the report:




Malwarebytes' Anti-Malware 1.08
Version de la base de données: 471

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 170057
Temps écoulé: 41 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Ares\tcpip_patcher.sys (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mljhgfe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143457.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddccaxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbayw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqponk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxxxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
g!rly Posts: 18206 Registered: Friday 17 August 2007 Status: Contributor Last active: 30 November 2014 407
19 March 2008 at 21:23
ok cool

can you run VundoFix again please

See you later
pato83 Posts: 23 Registered: Monday 10 March 2008 Status: Member Last active: 12 November 2009
19 March 2008 at 22:16
VundoFix V7.0.3

Scan started at 21:57:24 17/03/2008

Listing files found while scanning....

No infected files were found.
g!rly Posts: 18206 Registered: Friday 17 August 2007 Status: Contributor Last active: 30 November 2014 407
19 March 2008 at 22:24
ok

can you run ComboFix again please and post the report

See you later
pato83 Posts: 23 Registered: Monday 10 March 2008 Status: Member Last active: 12 November 2009
19 March 2008 at 23:47
here you go




ComboFix 08-03-10.1 - peter 2008-03-17 23:39:46.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.920 [GMT 1:00]
Endroit: G:\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
/wow section - STAGE 5
Accès refusé.

/wow section non terminée

((((((((((((((((((((((((((((( Fichiers créés 2008-02-17 to 2008-03-17 ))))))))))))))))))))))))))))))))))))
.

2008-03-17 21:30 . 2008-03-17 21:30 <REP> d-------- C:\VundoFix Backups
2008-03-17 20:07 . 2008-03-17 20:07 <REP> d-------- C:\Documents and Settings\peter\Application Data\Malwarebytes
2008-03-17 20:06 . 2008-03-17 20:06 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-17 20:06 . 2008-03-17 20:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-15 12:16 . 2008-03-15 12:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-15 12:10 . 2008-03-15 13:07 <REP> d-------- C:\SDFix
2008-03-10 19:00 . 2008-03-10 18:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 19:00 . 2008-03-10 19:00 2,546 --a------ C:\WINDOWS\unins000.dat
2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 14:05 . 2008-03-15 14:25 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 22:23 --------- d-----w C:\Program Files\VideoLAN
2008-03-17 20:18 --------- d-----w C:\Program Files\Ares
2008-03-17 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-16 14:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 18:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 15:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-10 21:30 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
.

((((((((((((((((((((((((((((( snapshot@2008-03-10_16.18.30.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-15 12:05:38 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-03-15 12:05:38 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-15 11:16:25 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-03-15 11:16:25 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-16 14:12:18 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_590.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-28 23:37:11 126136]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2007-09-23 03:03:46 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-11 12:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-17 22:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-17 00:54:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 23:41:38
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Temps d'accomplissement: 2008-03-17 23:42:56
ComboFix-quarantined-files.txt 2008-03-17 22:42:45
ComboFix2.txt 2008-03-16 12:03:59
ComboFix3.txt 2008-03-14 21:09:00
ComboFix4.txt 2008-03-12 12:12:53
ComboFix5.txt 2008-03-10 17:23:13
.
2008-03-16 21:19:44 --- E O F ---
g!rly Posts: 18206 Registration date: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014
20 March 2008 at 14:09
ok pato83,

run this online scan and post the result here please

BitDefender online scan:

https://www.bitdefender.com/toolbox/

Click on "I agree" and follow the instructions

This must be done in Internet Explorer, accepting the ActiveX control

picture tutorial

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

See you
pato83 Posts: 23 Registration date: Monday 10 March 2008 Status: Member Last activity: 12 November 2009
21 March 2008 at 00:35
BitDefender Online Scanner

Scan report generated at: Tue, Mar 18, 2008 - 19:32:43
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:45:37
Files: 383801
Folders: 10971
Boot Sectors: 4
Archives: 11598
Packed Files: 17007

Results
Identified Viruses: 37
Infected Files: 130
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 130

Engines Info
Virus Definitions: 1019476
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

^^Marie^^ Posts: 113926 Registration date: Tuesday 6 September 2005 Status: Member Last activity: 28 August 2020 3 276
21 March 2008 at 11:36
Hi
I'm taking over -- Girly has a hardware problem

Please do the following

· Download ToolsCleaner by A.Roshtein to your Desktop (from either of the 2 links).
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
· Click Recherche (Search) and let the scan finish.
· Click Suppression (Removal) to finalize.
· You can, if you wish, use the Options facultatives (optional settings).
· Click Quitter (Quit) so that the report can be created.
· Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).


and then rerun Bitdefender

See you later

g!rly Posts: 18206 Registration date: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 407
21 March 2008 at 11:39
THANKS MARIE♥

pato83 Posts: 23 Registration date: Monday 10 March 2008 Status: Member Last activity: 12 November 2009
21 March 2008 at 13:33
Hello Marie, thank you for helping me.
Here is the result of the test:

-->- Recherche:

C:\SDFIX: trouvé !
C:\Combofix: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\peter\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\peter\Bureau\LOGICIEL 2008\HJTInstall.exe: trouvé !
C:\Documents and Settings\peter\Recent\HijackThis.lnk: trouvé !
C:\Downloads\vundoFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
C:\QooBox\Quarantine\C\Vundofix backups: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\peter\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\peter\Bureau\LOGICIEL 2008\HJTInstall.exe: supprimé !
C:\Documents and Settings\peter\Recent\HijackThis.lnk: supprimé !
C:\Downloads\vundoFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\SDFIX: supprimé !
C:\Combofix: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

^^Marie^^ Posts: 113926 Registration date: Tuesday 6 September 2005 Status: Member Last activity: 28 August 2020 3 276
21 March 2008 at 13:52
OK

Rerun Bitdefender

pato83 Posts: 23 Registration date: Monday 10 March 2008 Status: Member Last activity: 12 November 2009
22 March 2008 at 15:11
Here is the BitDefender result:

BitDefender Online Scanner

Scan report generated at: Wed, Mar 19, 2008 - 18:33:20
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:47:33
Files: 387998
Folders: 10942
Boot Sectors: 4
Archives: 11600
Packed Files: 17563

Results
Identified Viruses: 3
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3

Engines Info
Virus Definitions: 1021171
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013
Infected with: Trojan.Downloader.Small.BTF

C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013
Deleted

C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE
Update failed

D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Detected with: Application.Aseye.PH

D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Disinfection failed

D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Deleted

D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar
Update failed

D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Detected with: Application.Aseye.BDE

D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Disinfection failed

D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Deleted

D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar
Update failed

g!rly Posts: 18206 Registration date: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 407
23 March 2008 at 16:00
Thanks ;-)

^^Marie^^ Posts: 113926 Registration date: Tuesday 6 September 2005 Status: Member Last activity: 28 August 2020 3 276
23 March 2008 at 16:01
Hi

You're welcome


Quite a lot of ""cracks"" all the same ;;;))

g!rly Posts: 18206 Registration date: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 407
23 March 2008 at 16:04
Yes, that pato83

has stocked up on crack, I won't even explain the comedown LOL