Here is the result, without it having restarted:
ComboFix 08-03-10.1 - peter 2008-03-16 21:51:37.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1165 [GMT 1:00]
Endroit: G:\ComboFix.exe
Command switches used :: G:\CFScript.txt..txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp
.
/wow section - STAGE 7
/wow section non terminée
((((((((((((((((((((((((((((( Fichiers créés 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.
2008-03-15 12:16 . 2008-03-15 12:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-15 12:10 . 2008-03-15 13:07 <REP> d-------- C:\SDFix
2008-03-10 19:00 . 2008-03-10 18:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 19:00 . 2008-03-10 19:00 2,546 --a------ C:\WINDOWS\unins000.dat
2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 14:05 . 2008-03-15 14:25 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 14:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-16 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 18:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 15:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-10 21:30 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2001-12-19 10:30 174,747 --sha-w C:\WINDOWS\system32\bccdd.ini2
.
((((((((((((((((((((((((((((( snapshot@2008-03-10_16.18.30.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-15 12:05:38 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-03-15 12:05:38 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-15 11:16:25 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-03-15 11:16:25 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-16 14:12:18 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_590.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-28 23:37:11 126136]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2007-09-23 03:03:46 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-11 12:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 20:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-16 14:15:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 21:54:19
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Temps d'accomplissement: 2008-03-16 21:55:48
ComboFix-quarantined-files.txt 2008-03-16 20:55:34
ComboFix2.txt 2008-03-16 12:03:59
ComboFix3.txt 2008-03-14 21:09:00
ComboFix4.txt 2008-03-12 12:12:53
ComboFix5.txt 2008-03-10 17:23:13
.
2008-03-11 20:28:09 --- E O F ---
Hi again,
* Download OTMoveIt2 (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
* Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program window "Paste Standard List of Files/Folders to Move":
C:\WINDOWS\system32\bccdd.ini2
* Click MoveIt! to start the removal,
* The result will appear in the Results pane.
* Click Exit to close the program.
* Post the report, which is located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. In that case, click Yes.
and also post a new HijackThis log
See you,
Here is the first result:
C:\WINDOWS\system32\bccdd.ini2 moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03172008_184617
and the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:57, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\peter\Bureau\LOGICIEL 2008\emule\eMule.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-471990195-2333845299-1059634769-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
ok pato83,
download Malwarebytes
-> http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm
Install it; the program will update itself automatically.
Once it is up to date, the program will start. Click on the Settings tab and tick the box: Close Internet Explorer during removal.
Now click on the Scan tab and tick the box: Run a full scan.
Then click on Scan.
Let it scan the PC; at the end a report will open. Copy and paste it here, please.
See you later
Here it is:
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 471
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 170057
Temps écoulé: 41 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\Ares\tcpip_patcher.sys (Adware.WhenUSave) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\mljhgfe.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143457.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ddccaxy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fccbayw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqponk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayxxxv.dll (Trojan.Vundo) -> No action taken.
Then I ran the removal, and here is the report:
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 471
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 170057
Temps écoulé: 41 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\Ares\tcpip_patcher.sys (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mljhgfe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143457.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddccaxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbayw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqponk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxxxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
VundoFix V7.0.3
Scan started at 21:57:24 17/03/2008
Listing files found while scanning....
No infected files were found.
There you go.
ComboFix 08-03-10.1 - peter 2008-03-17 23:39:46.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.920 [GMT 1:00]
Endroit: G:\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
/wow section - STAGE 5
Accès refusé.
/wow section non terminée
((((((((((((((((((((((((((((( Fichiers créés 2008-02-17 to 2008-03-17 ))))))))))))))))))))))))))))))))))))
.
2008-03-17 21:30 . 2008-03-17 21:30 <REP> d-------- C:\VundoFix Backups
2008-03-17 20:07 . 2008-03-17 20:07 <REP> d-------- C:\Documents and Settings\peter\Application Data\Malwarebytes
2008-03-17 20:06 . 2008-03-17 20:06 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-17 20:06 . 2008-03-17 20:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-15 12:16 . 2008-03-15 12:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-15 12:10 . 2008-03-15 13:07 <REP> d-------- C:\SDFix
2008-03-10 19:00 . 2008-03-10 18:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 19:00 . 2008-03-10 19:00 2,546 --a------ C:\WINDOWS\unins000.dat
2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 14:05 . 2008-03-15 14:25 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 22:23 --------- d-----w C:\Program Files\VideoLAN
2008-03-17 20:18 --------- d-----w C:\Program Files\Ares
2008-03-17 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-16 14:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 18:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 15:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-10 21:30 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
.
((((((((((((((((((((((((((((( snapshot@2008-03-10_16.18.30.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-15 12:05:38 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-03-15 12:05:38 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-15 11:16:25 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-03-15 11:16:25 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-16 14:12:18 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_590.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-28 23:37:11 126136]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2007-09-23 03:03:46 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-11 12:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-17 22:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-17 00:54:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 23:41:38
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Temps d'accomplissement: 2008-03-17 23:42:56
ComboFix-quarantined-files.txt 2008-03-17 22:42:45
ComboFix2.txt 2008-03-16 12:03:59
ComboFix3.txt 2008-03-14 21:09:00
ComboFix4.txt 2008-03-12 12:12:53
ComboFix5.txt 2008-03-10 17:23:13
.
2008-03-16 21:19:44 --- E O F ---
ok pato83,
run this online scan and post the result here, please
BitDefender online scan:
https://www.bitdefender.com/toolbox/
Click "I agree" and follow the instructions
This must be done in Internet Explorer, accepting the ActiveX control
Picture tutorial:
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
See you later
BitDefender Online Scanner
Scan report generated at: Tue, Mar 18, 2008 - 19:32:43
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;
Statistics
Time: 01:45:37
Files: 383801
Folders: 10971
Boot Sectors: 4
Archives: 11598
Packed Files: 17007
Results
Identified Viruses: 37
Infected Files: 130
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 130
Engines Info
Virus Definitions: 1019476
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\QooBox\Quarantine\C\VundoFix Backups\3htxv.exe.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\QooBox\Quarantine\C\VundoFix Backups\3htxv.exe.bad.vir
Disinfection failed
C:\QooBox\Quarantine\C\VundoFix Backups\3htxv.exe.bad.vir
Deleted
C:\QooBox\Quarantine\C\VundoFix Backups\54hwr.exe.bad.vir
Infected with: Trojan.Vundo.DZI
C:\QooBox\Quarantine\C\VundoFix Backups\54hwr.exe.bad.vir
Deleted
C:\QooBox\Quarantine\C\VundoFix Backups\55dg.exe.bad.vir
Infected with: Trojan.Vundo.DZA
C:\QooBox\Quarantine\C\VundoFix Backups\55dg.exe.bad.vir
Deleted
C:\QooBox\Quarantine\C\VundoFix Backups\awvvs.dll.bad.vir
Infected with: Trojan.Vundo.DZK
C:\QooBox\Quarantine\C\VundoFix Backups\awvvs.dll.bad.vir
Deleted
C:\QooBox\Quarantine\C\VundoFix Backups\sffajprm.dll.bad.vir
Infected with: Trojan.Vundo.DZV
C:\QooBox\Quarantine\C\VundoFix Backups\sffajprm.dll.bad.vir
Deleted
C:\QooBox\Quarantine\C\VundoFix Backups\vlsvqfyf.dll.bad.vir
Infected with: Trojan.Vundo.DZK
C:\QooBox\Quarantine\C\VundoFix Backups\vlsvqfyf.dll.bad.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005
Detected with: Adware.Navipromo.BYN
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005
Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
Update failed
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
Detected with: Adware.SpywareSecure.D
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
Update failed
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002
Detected with: Adware.Navipromo.BYN
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002
Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)
Update failed
C:\QooBox\Quarantine\C\WINDOWS\system32\ddayx.dll.vir
Infected with: Trojan.Vundo.EDO
C:\QooBox\Quarantine\C\WINDOWS\system32\ddayx.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\jjycyxha.dll.vir
Infected with: Trojan.Vundo.ECX
C:\QooBox\Quarantine\C\WINDOWS\system32\jjycyxha.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\khffcya.dll.vir
Infected with: Trojan.Vundo.ECN
C:\QooBox\Quarantine\C\WINDOWS\system32\khffcya.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnolkh.dll.vir
Infected with: Trojan.Vundo.ECN
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnolkh.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\qefcrrbx.dll.vir
Infected with: Trojan.Vundo.EDE
C:\QooBox\Quarantine\C\WINDOWS\system32\qefcrrbx.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\rltbrixk.dll.vir
Infected with: Trojan.Vundo.EDF
C:\QooBox\Quarantine\C\WINDOWS\system32\rltbrixk.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vetutsmf.dll.vir
Infected with: Trojan.Vundo.ECQ
C:\QooBox\Quarantine\C\WINDOWS\system32\vetutsmf.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vrketcqm.dll.vir
Infected with: Trojan.Vundo.ECX
C:\QooBox\Quarantine\C\WINDOWS\system32\vrketcqm.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuuvwv.dll.vir.vir
Infected with: Trojan.Vundo.ECN
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuuvwv.dll.vir.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vyrpsoqd.dll.vir
Infected with: Trojan.Vundo.ECZ
C:\QooBox\Quarantine\C\WINDOWS\system32\vyrpsoqd.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\xbuvevot.dll.vir
Infected with: Trojan.Vundo.ECO
C:\QooBox\Quarantine\C\WINDOWS\system32\xbuvevot.dll.vir
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP466\A0055428.exe
Infected with: Trojan.Hacktool.Patch.A
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP466\A0055428.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP546\A0081256.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP546\A0081256.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP546\A0081256.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083682.ini
Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083682.ini
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083682.ini
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083696.exe
Infected with: Trojan.Delf.Inject.F
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083696.exe
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083696.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0084708.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0084708.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0084708.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0086700.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0086700.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0086700.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086824.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086824.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086859.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086859.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086859.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP552\A0086955.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP552\A0086955.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087067.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087067.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087068.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087068.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0089093.dll
Infected with: Trojan.Vundo.DZB
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0089093.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0091175.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0091175.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0092175.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0092175.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093196.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093196.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093197.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093197.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094244.dll
Infected with: Trojan.Vundo.DZA
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094244.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094250.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094250.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094254.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094254.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094254.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094256.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094256.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094256.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094259.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094259.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094261.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094261.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094261.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094262.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094262.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094263.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094263.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094263.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094264.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094264.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094264.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094267.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094267.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094272.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094272.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094283.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094283.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094285.dll
Infected with: Trojan.Vundo.DZA
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094285.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094293.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094293.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094294.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094294.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094295.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094295.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094296.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094296.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094297.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094297.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094298.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094298.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094299.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094299.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094300.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094300.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094301.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094301.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094302.dll
Infected with: Trojan.Vundo.DZC
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094302.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094303.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094303.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094304.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094304.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094305.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094305.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094312.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094312.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094312.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094337.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094337.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094338.dll
Infected with: Trojan.Vundo.DZV
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094338.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094414.exe
Infected with: Trojan.Agent.AHBI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094414.exe
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094414.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP561\A0095393.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP561\A0095393.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP572\A0099193.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP572\A0099193.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0101227.dll
Infected with: Trojan.Vundo.EBI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0101227.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104226.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104226.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104228.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104228.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104229.dll
Infected with: Trojan.Vundo.EAI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104229.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104230.dll
Infected with: Trojan.Vundo.EAI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104230.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104325.dll
Infected with: Trojan.Vundo.EAH
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104325.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104338.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104338.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0105338.dll
Infected with: Trojan.Vundo.EBH
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0105338.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112464.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112464.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112465.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112465.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112466.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112466.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112467.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112467.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112468.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112468.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112469.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112469.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112470.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112470.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112471.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112471.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112472.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112472.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112474.dll
Infected with: Trojan.Vundo.EBH
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112474.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0121964.ini
Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0121964.ini
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0121964.ini
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0122964.ini
Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0122964.ini
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0122964.ini
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123017.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123017.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123018.dll
Infected with: Trojan.Vundo.ECJ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123018.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123019.dll
Infected with: Trojan.Vundo.ECR
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123019.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123090.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123090.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123092.dll
Infected with: Trojan.Vundo.ECJ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123092.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136083.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136083.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136084.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136084.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136086.dll
Infected with: Trojan.Vundo.ECO
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136086.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139730.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139730.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139774.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139774.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP594\A0140774.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP594\A0140774.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141808.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141808.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141824.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141824.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141825.dll
Infected with: Trojan.Vundo.ECQ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141825.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141852.exe
Infected with: Trojan.Peed.JAS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141852.exe
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141852.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141854.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141854.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141886.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141886.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141887.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141887.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141888.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141888.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141889.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141889.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013
Infected with: Trojan.Downloader.Small.BTF
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE
Update failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0142155.exe
Infected with: Trojan.Generic.89688
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0142155.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP596\A0143386.dll
Infected with: Trojan.Vundo.ECS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP596\A0143386.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143456.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143456.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143458.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143458.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143463.dll
Infected with: Trojan.Vundo.EDF
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143463.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143467.dll
Infected with: Trojan.Vundo.ECO
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143467.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143683.dll
Infected with: Trojan.Vundo.ECQ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143683.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143685.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143685.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143690.dll
Infected with: Trojan.Vundo.EDO
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143690.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143691.dll
Infected with: Trojan.Vundo.ECX
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143691.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143692.dll
Infected with: Trojan.Vundo.EDE
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143692.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143693.dll
Infected with: Trojan.Vundo.ECX
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143693.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP600\A0143866.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP600\A0143866.dll
Deleted
C:\WINDOWS\system32\exjcshyn.dll
Infected with: Trojan.Vundo.ECQ
C:\WINDOWS\system32\exjcshyn.dll
Deleted
C:\WINDOWS\system32\kohlivox.dll
Infected with: Trojan.Vundo.ECO
C:\WINDOWS\system32\kohlivox.dll
Deleted
C:\WINDOWS\system32\lknnhqlc.dll
Infected with: Trojan.Vundo.ECO
C:\WINDOWS\system32\lknnhqlc.dll
Deleted
C:\WINDOWS\system32\skewdjdc.dll
Infected with: Trojan.Vundo.ECO
C:\WINDOWS\system32\skewdjdc.dll
Deleted
C:\WINDOWS\system32\vkxvwyud.dll
Infected with: Trojan.Vundo.ECO
C:\WINDOWS\system32\vkxvwyud.dll
Deleted
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Detected with: Application.Aseye.PH
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Disinfection failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Deleted
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar
Update failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Detected with: Application.Aseye.BDE
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Disinfection failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Deleted
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar
Update failed
D:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP466\A0055429.exe
Infected with: Trojan.Hacktool.Patch.A
D:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP466\A0055429.exe
Deleted
Scan report generated at: Tue, Mar 18, 2008 - 19:32:43
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:45:37
Files: 383801
Folders: 10971
Boot Sectors: 4
Archives: 11598
Packed Files: 17007

Results
Identified Viruses: 37
Infected Files: 130
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 130

Engines Info
Virus Definitions: 1019476
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083682.ini
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083696.exe
Infected with: Trojan.Delf.Inject.F
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083696.exe
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083696.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0084708.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0084708.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0084708.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0086700.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0086700.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0086700.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086824.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086824.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086859.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086859.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086859.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP552\A0086955.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP552\A0086955.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087067.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087067.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087068.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087068.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0089093.dll
Infected with: Trojan.Vundo.DZB
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0089093.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0091175.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0091175.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0092175.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0092175.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093196.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093196.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093197.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093197.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094244.dll
Infected with: Trojan.Vundo.DZA
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094244.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094250.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094250.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094254.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094254.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094254.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094256.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094256.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094256.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094259.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094259.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094261.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094261.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094261.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094262.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094262.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094263.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094263.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094263.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094264.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094264.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094264.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094267.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094267.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094272.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094272.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094283.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094283.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094285.dll
Infected with: Trojan.Vundo.DZA
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094285.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094293.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094293.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094294.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094294.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094295.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094295.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094296.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094296.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094297.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094297.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094298.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094298.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094299.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094299.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094300.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094300.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094301.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094301.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094302.dll
Infected with: Trojan.Vundo.DZC
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094302.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094303.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094303.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094304.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094304.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094305.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094305.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094312.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094312.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094312.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094337.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094337.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094338.dll
Infected with: Trojan.Vundo.DZV
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094338.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094414.exe
Infected with: Trojan.Agent.AHBI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094414.exe
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094414.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP561\A0095393.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP561\A0095393.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP572\A0099193.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP572\A0099193.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0101227.dll
Infected with: Trojan.Vundo.EBI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0101227.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104226.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104226.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104228.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104228.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104229.dll
Infected with: Trojan.Vundo.EAI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104229.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104230.dll
Infected with: Trojan.Vundo.EAI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104230.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104325.dll
Infected with: Trojan.Vundo.EAH
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104325.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104338.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104338.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0105338.dll
Infected with: Trojan.Vundo.EBH
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0105338.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112464.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112464.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112465.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112465.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112466.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112466.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112467.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112467.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112468.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112468.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112469.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112469.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112470.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112470.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112471.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112471.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112472.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112472.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112474.dll
Infected with: Trojan.Vundo.EBH
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112474.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0121964.ini
Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0121964.ini
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0121964.ini
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0122964.ini
Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0122964.ini
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0122964.ini
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123017.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123017.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123018.dll
Infected with: Trojan.Vundo.ECJ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123018.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123019.dll
Infected with: Trojan.Vundo.ECR
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123019.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123090.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123090.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123092.dll
Infected with: Trojan.Vundo.ECJ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123092.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136083.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136083.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136084.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136084.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136086.dll
Infected with: Trojan.Vundo.ECO
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136086.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139730.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139730.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139774.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139774.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP594\A0140774.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP594\A0140774.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141808.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141808.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141824.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141824.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141825.dll
Infected with: Trojan.Vundo.ECQ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141825.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141852.exe
Infected with: Trojan.Peed.JAS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141852.exe
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141852.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141854.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141854.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141886.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141886.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141887.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141887.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141888.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141888.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141889.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141889.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013
Infected with: Trojan.Downloader.Small.BTF
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE
Update failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0142155.exe
Infected with: Trojan.Generic.89688
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0142155.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP596\A0143386.dll
Infected with: Trojan.Vundo.ECS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP596\A0143386.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143456.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143456.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143458.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143458.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143463.dll
Infected with: Trojan.Vundo.EDF
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143463.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143467.dll
Infected with: Trojan.Vundo.ECO
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143467.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143683.dll
Infected with: Trojan.Vundo.ECQ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143683.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143685.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143685.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143690.dll
Infected with: Trojan.Vundo.EDO
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143690.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143691.dll
Infected with: Trojan.Vundo.ECX
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143691.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143692.dll
Infected with: Trojan.Vundo.EDE
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143692.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143693.dll
Infected with: Trojan.Vundo.ECX
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143693.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP600\A0143866.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP600\A0143866.dll
Deleted
C:\WINDOWS\system32\exjcshyn.dll
Infected with: Trojan.Vundo.ECQ
C:\WINDOWS\system32\exjcshyn.dll
Deleted
C:\WINDOWS\system32\kohlivox.dll
Infected with: Trojan.Vundo.ECO
C:\WINDOWS\system32\kohlivox.dll
Deleted
C:\WINDOWS\system32\lknnhqlc.dll
Infected with: Trojan.Vundo.ECO
C:\WINDOWS\system32\lknnhqlc.dll
Deleted
C:\WINDOWS\system32\skewdjdc.dll
Infected with: Trojan.Vundo.ECO
C:\WINDOWS\system32\skewdjdc.dll
Deleted
C:\WINDOWS\system32\vkxvwyud.dll
Infected with: Trojan.Vundo.ECO
C:\WINDOWS\system32\vkxvwyud.dll
Deleted
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Detected with: Application.Aseye.PH
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Disinfection failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Deleted
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar
Update failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Detected with: Application.Aseye.BDE
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Disinfection failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Deleted
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar
Update failed
D:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP466\A0055429.exe
Infected with: Trojan.Hacktool.Patch.A
D:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP466\A0055429.exe
Deleted
Hi
I'm taking over -- Girly has a hardware problem
Please do the following
· Download ToolsCleaner by A.Rothstein to your Desktop (from either of the 2 links)
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
· Click Recherche (Search) and let the scan finish.
· Click Suppression (Removal) to finalize.
· You can use the Options facultatives (optional settings) if you wish.
· Click Quitter (Quit) so that the report can be created.
· Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
and then run Bitdefender again
See you
Hello Marie, thank you for helping me
here is the result of the test:
-->- Recherche:
C:\SDFIX: trouvé !
C:\Combofix: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\peter\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\peter\Bureau\LOGICIEL 2008\HJTInstall.exe: trouvé !
C:\Documents and Settings\peter\Recent\HijackThis.lnk: trouvé !
C:\Downloads\vundoFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
C:\QooBox\Quarantine\C\Vundofix backups: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\peter\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\peter\Bureau\LOGICIEL 2008\HJTInstall.exe: supprimé !
C:\Documents and Settings\peter\Recent\HijackThis.lnk: supprimé !
C:\Downloads\vundoFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\SDFIX: supprimé !
C:\Combofix: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Here is the BitDefender result:
BitDefender Online Scanner
Scan report generated at: Wed, Mar 19, 2008 - 18:33:20
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;
Statistics
Time: 01:47:33
Files: 387998
Folders: 10942
Boot Sectors: 4
Archives: 11600
Packed Files: 17563
Results
Identified Viruses: 3
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3
Engines Info
Virus Definitions: 1021171
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File | Status
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013 | Infected with: Trojan.Downloader.Small.BTF
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013 | Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE | Update failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe | Detected with: Application.Aseye.PH
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe | Disinfection failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe | Deleted
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar | Update failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe | Detected with: Application.Aseye.BDE
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe | Disinfection failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe | Deleted
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar | Update failed