Attack virus virtumonde
Closed
pato83 - 12 March 2008 at 15:45
g!rly - 23 March 2008 at 16:04
40 replies
pato83 - 18 March 2008 at 22:23
Here is the result, without it having restarted:
ComboFix 08-03-10.1 - peter 2008-03-16 21:51:37.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1165 [GMT 1:00]
Endroit: G:\ComboFix.exe
Command switches used :: G:\CFScript.txt..txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp
.
/wow section - STAGE 7
/wow section non terminée
((((((((((((((((((((((((((((( Fichiers créés 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.
2008-03-15 12:16 . 2008-03-15 12:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-15 12:10 . 2008-03-15 13:07 <REP> d-------- C:\SDFix
2008-03-10 19:00 . 2008-03-10 18:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 19:00 . 2008-03-10 19:00 2,546 --a------ C:\WINDOWS\unins000.dat
2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 14:05 . 2008-03-15 14:25 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 14:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-16 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 18:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 15:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-10 21:30 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2001-12-19 10:30 174,747 --sha-w C:\WINDOWS\system32\bccdd.ini2
.
((((((((((((((((((((((((((((( snapshot@2008-03-10_16.18.30.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-15 12:05:38 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-03-15 12:05:38 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-15 11:16:25 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-03-15 11:16:25 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-16 14:12:18 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_590.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-28 23:37:11 126136]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2007-09-23 03:03:46 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-11 12:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 20:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-16 14:15:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 21:54:19
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Temps d'accomplissement: 2008-03-16 21:55:48
ComboFix-quarantined-files.txt 2008-03-16 20:55:34
ComboFix2.txt 2008-03-16 12:03:59
ComboFix3.txt 2008-03-14 21:09:00
ComboFix4.txt 2008-03-12 12:12:53
ComboFix5.txt 2008-03-10 17:23:13
.
2008-03-11 20:28:09 --- E O F ---
g!rly - 18 March 2008 at 22:43
Hi again,
* Download OTMoveIt2 (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
* Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program's "Paste Standard List of Files/Folders to Move" window:
C:\WINDOWS\system32\bccdd.ini2
* Click MoveIt! to start the removal,
* The result will appear in the Results box.
* Click Exit to close the program.
* Post the report, which is located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. If so, click Yes.
and also post a new HijackThis log
Bye for now
pato83 - 19 March 2008 at 19:11
Here is the first result
C:\WINDOWS\system32\bccdd.ini2 moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03172008_184617
and the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:57, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\peter\Bureau\LOGICIEL 2008\emule\eMule.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-471990195-2333845299-1059634769-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
g!rly (Contributor), 19 March 2008 at 19:48
ok pato83,
Download Malwarebytes:
-> http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm
Install it; the program will update itself automatically.
Once it is up to date, the program will launch. Click the Settings tab and tick the box: Stop Internet Explorer during removal.
Now click the Scan tab and tick the box: Run a full scan.
Then click Scan.
Let it scan the PC; at the end a report will open. Copy and paste it here, please.
See you later
pato83 (Member), 19 March 2008 at 21:02
Here it is:
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 471
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 170057
Temps écoulé: 41 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\Ares\tcpip_patcher.sys (Adware.WhenUSave) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\mljhgfe.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143457.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ddccaxy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fccbayw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqponk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayxxxv.dll (Trojan.Vundo) -> No action taken.
g!rly (Contributor), 19 March 2008 at 21:21
Hi again,
Can you run VundoFix again, please, and post the result here?
See you later
pato83 (Member), 19 March 2008 at 21:22
apres j'ai fait suppression et voila le rapport :
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 471
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 170057
Temps écoulé: 41 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\Ares\tcpip_patcher.sys (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mljhgfe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143457.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddccaxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbayw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqponk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxxxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
g!rly
19 March 2008 at 21:23
OK, cool.
Can you run VundoFix again, please?
See you
pato83
19 March 2008 at 22:16
VundoFix V7.0.3
Scan started at 21:57:24 17/03/2008
Listing files found while scanning....
No infected files were found.
g!rly
19 March 2008 at 22:24
OK.
Can you run ComboFix again and post the report, please?
See you
pato83
19 March 2008 at 23:47
Here you go:
ComboFix 08-03-10.1 - peter 2008-03-17 23:39:46.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.920 [GMT 1:00]
Endroit: G:\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
/wow section - STAGE 5
Accès refusé.
/wow section non terminée
((((((((((((((((((((((((((((( Fichiers créés 2008-02-17 to 2008-03-17 ))))))))))))))))))))))))))))))))))))
.
2008-03-17 21:30 . 2008-03-17 21:30 <REP> d-------- C:\VundoFix Backups
2008-03-17 20:07 . 2008-03-17 20:07 <REP> d-------- C:\Documents and Settings\peter\Application Data\Malwarebytes
2008-03-17 20:06 . 2008-03-17 20:06 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-17 20:06 . 2008-03-17 20:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-15 12:16 . 2008-03-15 12:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-15 12:10 . 2008-03-15 13:07 <REP> d-------- C:\SDFix
2008-03-10 19:00 . 2008-03-10 18:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 19:00 . 2008-03-10 19:00 2,546 --a------ C:\WINDOWS\unins000.dat
2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 14:05 . 2008-03-15 14:25 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 22:23 --------- d-----w C:\Program Files\VideoLAN
2008-03-17 20:18 --------- d-----w C:\Program Files\Ares
2008-03-17 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-16 14:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 18:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 15:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-10 21:30 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
.
((((((((((((((((((((((((((((( snapshot@2008-03-10_16.18.30.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-15 12:05:38 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-03-15 12:05:38 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-15 11:16:25 13,430,784 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-03-15 11:16:25 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-16 14:12:18 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_590.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-28 23:37:11 126136]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2007-09-23 03:03:46 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-11 12:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-17 22:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-17 00:54:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 23:41:38
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Temps d'accomplissement: 2008-03-17 23:42:56
ComboFix-quarantined-files.txt 2008-03-17 22:42:45
ComboFix2.txt 2008-03-16 12:03:59
ComboFix3.txt 2008-03-14 21:09:00
ComboFix4.txt 2008-03-12 12:12:53
ComboFix5.txt 2008-03-10 17:23:13
.
2008-03-16 21:19:44 --- E O F ---
g!rly
20 March 2008 at 14:09
OK pato83,
run this online scan and post the result here, please.
BitDefender online scan:
https://www.bitdefender.com/toolbox/
Click on "I agree" and follow the instructions.
This must be done in Internet Explorer, accepting the ActiveX control.
Tutorial with screenshots:
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
See you
pato83 (Member) - 21 March 2008 at 00:35
BitDefender Online Scanner
Scan report generated at: Tue, Mar 18, 2008 - 19:32:43
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;
Statistics
Time: 01:45:37
Files: 383801
Folders: 10971
Boot Sectors: 4
Archives: 11598
Packed Files: 17007
Results
Identified Viruses: 37
Infected Files: 130
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 130
Engines Info
Virus Definitions: 1019476
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\QooBox\Quarantine\C\VundoFix Backups\3htxv.exe.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\QooBox\Quarantine\C\VundoFix Backups\3htxv.exe.bad.vir
Disinfection failed
C:\QooBox\Quarantine\C\VundoFix Backups\3htxv.exe.bad.vir
Deleted
C:\QooBox\Quarantine\C\VundoFix Backups\54hwr.exe.bad.vir
Infected with: Trojan.Vundo.DZI
C:\QooBox\Quarantine\C\VundoFix Backups\54hwr.exe.bad.vir
Deleted
C:\QooBox\Quarantine\C\VundoFix Backups\55dg.exe.bad.vir
Infected with: Trojan.Vundo.DZA
C:\QooBox\Quarantine\C\VundoFix Backups\55dg.exe.bad.vir
Deleted
C:\QooBox\Quarantine\C\VundoFix Backups\awvvs.dll.bad.vir
Infected with: Trojan.Vundo.DZK
C:\QooBox\Quarantine\C\VundoFix Backups\awvvs.dll.bad.vir
Deleted
C:\QooBox\Quarantine\C\VundoFix Backups\sffajprm.dll.bad.vir
Infected with: Trojan.Vundo.DZV
C:\QooBox\Quarantine\C\VundoFix Backups\sffajprm.dll.bad.vir
Deleted
C:\QooBox\Quarantine\C\VundoFix Backups\vlsvqfyf.dll.bad.vir
Infected with: Trojan.Vundo.DZK
C:\QooBox\Quarantine\C\VundoFix Backups\vlsvqfyf.dll.bad.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005
Detected with: Adware.Navipromo.BYN
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005
Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
Update failed
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
Detected with: Adware.SpywareSecure.D
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
Update failed
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002
Detected with: Adware.Navipromo.BYN
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002
Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)
Update failed
C:\QooBox\Quarantine\C\WINDOWS\system32\ddayx.dll.vir
Infected with: Trojan.Vundo.EDO
C:\QooBox\Quarantine\C\WINDOWS\system32\ddayx.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\jjycyxha.dll.vir
Infected with: Trojan.Vundo.ECX
C:\QooBox\Quarantine\C\WINDOWS\system32\jjycyxha.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\khffcya.dll.vir
Infected with: Trojan.Vundo.ECN
C:\QooBox\Quarantine\C\WINDOWS\system32\khffcya.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnolkh.dll.vir
Infected with: Trojan.Vundo.ECN
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnolkh.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\qefcrrbx.dll.vir
Infected with: Trojan.Vundo.EDE
C:\QooBox\Quarantine\C\WINDOWS\system32\qefcrrbx.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\rltbrixk.dll.vir
Infected with: Trojan.Vundo.EDF
C:\QooBox\Quarantine\C\WINDOWS\system32\rltbrixk.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vetutsmf.dll.vir
Infected with: Trojan.Vundo.ECQ
C:\QooBox\Quarantine\C\WINDOWS\system32\vetutsmf.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vrketcqm.dll.vir
Infected with: Trojan.Vundo.ECX
C:\QooBox\Quarantine\C\WINDOWS\system32\vrketcqm.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuuvwv.dll.vir.vir
Infected with: Trojan.Vundo.ECN
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuuvwv.dll.vir.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vyrpsoqd.dll.vir
Infected with: Trojan.Vundo.ECZ
C:\QooBox\Quarantine\C\WINDOWS\system32\vyrpsoqd.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\xbuvevot.dll.vir
Infected with: Trojan.Vundo.ECO
C:\QooBox\Quarantine\C\WINDOWS\system32\xbuvevot.dll.vir
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP466\A0055428.exe
Infected with: Trojan.Hacktool.Patch.A
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP466\A0055428.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP546\A0081256.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP546\A0081256.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP546\A0081256.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083682.ini
Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083682.ini
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083682.ini
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083696.exe
Infected with: Trojan.Delf.Inject.F
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083696.exe
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP547\A0083696.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0084708.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0084708.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0084708.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0086700.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0086700.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP548\A0086700.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086824.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086824.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086859.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086859.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP549\A0086859.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP552\A0086955.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP552\A0086955.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087067.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087067.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087068.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0087068.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0089093.dll
Infected with: Trojan.Vundo.DZB
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP554\A0089093.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0091175.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0091175.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0092175.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0092175.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093196.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093196.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093197.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP558\A0093197.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094244.dll
Infected with: Trojan.Vundo.DZA
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094244.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094250.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094250.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094254.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094254.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094254.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094256.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094256.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094256.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094259.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094259.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094261.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094261.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094261.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094262.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094262.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094263.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094263.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094263.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094264.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094264.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094264.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094267.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094267.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094272.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094272.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094283.dll
Infected with: Trojan.Vundo.DZI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094283.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094285.dll
Infected with: Trojan.Vundo.DZA
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094285.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094293.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094293.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094294.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094294.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094295.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094295.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094296.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094296.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094297.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094297.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094298.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094298.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094299.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094299.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094300.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094300.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094301.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094301.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094302.dll
Infected with: Trojan.Vundo.DZC
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094302.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094303.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094303.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094304.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094304.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094305.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094305.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094312.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094312.dll
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094312.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094337.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094337.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094338.dll
Infected with: Trojan.Vundo.DZV
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094338.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094414.exe
Infected with: Trojan.Agent.AHBI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094414.exe
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP559\A0094414.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP561\A0095393.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP561\A0095393.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP572\A0099193.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP572\A0099193.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0101227.dll
Infected with: Trojan.Vundo.EBI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0101227.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104226.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104226.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104228.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104228.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104229.dll
Infected with: Trojan.Vundo.EAI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104229.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104230.dll
Infected with: Trojan.Vundo.EAI
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP573\A0104230.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104325.dll
Infected with: Trojan.Vundo.EAH
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104325.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104338.dll
Infected with: Trojan.Vundo.EBG
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0104338.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0105338.dll
Infected with: Trojan.Vundo.EBH
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP574\A0105338.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112464.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112464.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112465.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112465.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112466.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112466.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112467.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112467.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112468.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112468.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112469.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112469.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112470.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112470.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112471.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112471.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112472.dll
Infected with: Trojan.Vundo.DZK
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112472.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112474.dll
Infected with: Trojan.Vundo.EBH
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP576\A0112474.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0121964.ini
Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0121964.ini
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0121964.ini
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0122964.ini
Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0122964.ini
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0122964.ini
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123017.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123017.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123018.dll
Infected with: Trojan.Vundo.ECJ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123018.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123019.dll
Infected with: Trojan.Vundo.ECR
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP585\A0123019.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123090.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123090.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123092.dll
Infected with: Trojan.Vundo.ECJ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP586\A0123092.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136083.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136083.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136084.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136084.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136086.dll
Infected with: Trojan.Vundo.ECO
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP589\A0136086.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139730.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139730.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139774.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP591\A0139774.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP594\A0140774.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP594\A0140774.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141808.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141808.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141824.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141824.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141825.dll
Infected with: Trojan.Vundo.ECQ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141825.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141852.exe
Infected with: Trojan.Peed.JAS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141852.exe
Disinfection failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141852.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141854.dll
Infected with: Trojan.Vundo.ECM
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141854.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141886.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141886.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141887.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141887.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141888.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141888.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141889.dll
Infected with: Trojan.Vundo.ECL
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141889.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013
Infected with: Trojan.Downloader.Small.BTF
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE
Update failed
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0142155.exe
Infected with: Trojan.Generic.89688
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0142155.exe
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP596\A0143386.dll
Infected with: Trojan.Vundo.ECS
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP596\A0143386.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143456.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143456.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143458.dll
Infected with: Trojan.Vundo.ECN
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143458.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143463.dll
Infected with: Trojan.Vundo.EDF
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143463.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143467.dll
Infected with: Trojan.Vundo.ECO
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP597\A0143467.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143683.dll
Infected with: Trojan.Vundo.ECQ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143683.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143685.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143685.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143690.dll
Infected with: Trojan.Vundo.EDO
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143690.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143691.dll
Infected with: Trojan.Vundo.ECX
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143691.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143692.dll
Infected with: Trojan.Vundo.EDE
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143692.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143693.dll
Infected with: Trojan.Vundo.ECX
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP599\A0143693.dll
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP600\A0143866.dll
Infected with: Trojan.Vundo.ECZ
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP600\A0143866.dll
Deleted
Scan report generated at: Tue, Mar 18, 2008 - 19:32:43
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;
Statistics
Time: 01:45:37
Files: 383801
Folders: 10971
Boot Sectors: 4
Archives: 11598
Packed Files: 17007
Results
Identified Viruses: 37
Infected Files: 130
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 130
Engines Info
Virus Definitions: 1019476
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
^^Marie^^
Posts
113926
Registration date
Tuesday 6 September 2005
Status
Member
Last post
28 August 2020
3 276
21 March 2008 at 11:36
Hi there
I'm taking over -- Girly has a hardware problem
Please do the following
· Download ToolsCleaner by A.Rothstein to your Desktop (from one of the 2 links)
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
· Click Recherche (Search) and let the scan finish.
· Click Suppression (Removal) to finish up.
· If you wish, you can use the Options facultatives (optional settings).
· Click Quitter (Quit) so that the report can be created.
· Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
and then run Bitdefender again
See you
g!rly
Posts
18206
Registration date
Friday 17 August 2007
Status
Contributor
Last post
30 November 2014
407
21 March 2008 at 11:39
THANK YOU MARIE♥
pato83
Posts
23
Registration date
Monday 10 March 2008
Status
Member
Last post
12 November 2009
21 March 2008 at 13:33
Hello Marie, thank you for helping me
Here is the result of the test:
-->- Recherche:
C:\SDFIX: trouvé !
C:\Combofix: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\peter\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\peter\Bureau\LOGICIEL 2008\HJTInstall.exe: trouvé !
C:\Documents and Settings\peter\Recent\HijackThis.lnk: trouvé !
C:\Downloads\vundoFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
C:\QooBox\Quarantine\C\Vundofix backups: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\peter\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\peter\Bureau\LOGICIEL 2008\HJTInstall.exe: supprimé !
C:\Documents and Settings\peter\Recent\HijackThis.lnk: supprimé !
C:\Downloads\vundoFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\SDFIX: supprimé !
C:\Combofix: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
^^Marie^^
Posts
113926
Registration date
Tuesday 6 September 2005
Status
Member
Last post
28 August 2020
3 276
21 March 2008 at 13:52
OK
run Bitdefender again
pato83
Posts
23
Registration date
Monday 10 March 2008
Status
Member
Last post
12 November 2009
22 March 2008 at 15:11
Here is the Bitdefender result:
BitDefender Online Scanner
Scan report generated at: Wed, Mar 19, 2008 - 18:33:20
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;
Statistics
Time: 01:47:33
Files: 387998
Folders: 10942
Boot Sectors: 4
Archives: 11600
Packed Files: 17563
Results
Identified Viruses: 3
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3
Engines Info
Virus Definitions: 1021171
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013
Infected with: Trojan.Downloader.Small.BTF
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE=>wise0013
Deleted
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP595\A0141982.EXE
Update failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Detected with: Application.Aseye.PH
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Disinfection failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7p.exe
Deleted
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar
Update failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Detected with: Application.Aseye.BDE
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Disinfection failed
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar=>AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original\Crack Cinema Craft Encoder (CCE)\ccfcce7s.exe
Deleted
D:\disk dur\AVIXDVD.0.1.4.Inc.CCE.Cracked.by.Magic-Hacker.Original.rar
Update failed
g!rly
Posts
18206
Registration date
Friday 17 August 2007
Status
Contributor
Last post
30 November 2014
407
23 March 2008 at 16:00
Thanks ;-)
^^Marie^^
Posts
113926
Registration date
Tuesday 6 September 2005
Status
Member
Last post
28 August 2020
3 276
23 March 2008 at 16:01
Hi there
you're welcome
Quite a lot of ""cracks"" all the same ;;;))
g!rly
Posts
18206
Registration date
Friday 17 August 2007
Status
Contributor
Last post
30 November 2014
407
23 March 2008 at 16:04
Yes, this pato83
has stocked up on crack, I won't even describe the comedown LOL