Invalid Win32 application

Solved/Closed
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last seen: 29 April 2008 - 23 March 2008 at 19:20
thierry.sache - 2 Sept 2008 at 10:40
Hello,

I think I'm infected by a virus or worm, and I can't get out of it.
The symptoms:
- The first symptom was my Wi-Fi card being disabled. Having found on the forum that this most likely came from Beagle, I tried to download a fix, but couldn't run it (invalid Win32 application). At the moment I'm fiddling with the registry to re-enable it with HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio\start=3

- When I try to launch certain applications (Avast included) an error appears: invalid Win32 application.
Thinking I was infected by one (or more) viruses/worms, I've tried downloading several fixes (ComboFix, f-bagle, FxBeagle, antiBagle), but unfortunately I can't run them: invalid Win32 application, or else a popup telling me the program is closing because of a problem.

- IE is acting up too: I launch it and it simply hangs. Tried a reinstall without success.

- I usually run Firefox, which is also becoming temperamental (it hangs as well) as soon as I want to download a file (like a fix... which doesn't help!!)

- Explorer: in some windows, for example under My Documents, the icons for my folders and files no longer appear!

- I wanted to run online scans, but unfortunately since most of them run through IE (which hangs), that doesn't work.

That's the brief summary...
If anyone has any ideas, I'm all ears!!
Thanks

35 replies

balltrap34 Posts: 16240 Registered: Thursday 8 January 2004 Status: Security contributor Last seen: 28 November 2009 331
24 March 2008 at 11:48
hi
our friend greenday wrote an excellent tutorial against this worm
http://www.commentcamarche.net/faq/sujet 9889 comment supprimer le virus beagle bagle

try this part
* Here is an exclusive tip that makes Elibagla more effective against Bagle variants!
* Just rename it using the same name as one of the files that are part of the infection: here mdelk.exe. The rootkit will then be unable to tell it apart from the infection file bearing the same name, and so grants it a much wider scope of action.
* Elibagla renamed this way will be able to neutralise the infection completely in a single pass. All it takes afterwards is a PC restart and a second scan to remove the leftovers of the infection.
* Note that this tip only works if Elibagla's exe is correctly renamed to mdelk.exe!

see ya
2
balltrap34 Posts: 16240 Registered: Thursday 8 January 2004 Status: Security contributor Last seen: 28 November 2009 331
26 March 2008 at 22:54
re
for Elibagla you need to rename it with the name of one of the infection files; in this case you need to rename it WINTEMS.EXE

you have to read the tutorials properly lol
see ya
2
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012 463
26 March 2008 at 23:08
Oops! :o ... My mistake... I was still going by what you had said in post 16...

Sorry... (I'm editing post 43 to set things straight)
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last seen: 29 April 2008 > sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012
27 March 2008 at 14:11
Status update.

I ran Elibagla (safe mode and renamed to wintemp.exe), and again the same thing...
As for SDFix... it doesn't work in Normal Mode (nor in Safe Mode).
If I launch it from the command line: a DOS window appears offering various items to download and launch various programs.
In safe mode: same thing
My PC is currently without an internet connection, so I'm doing everything offline.
I still have my blasted invalid Win32 application errors.

I ran another AntiVir scan: nothing to report.

Small remark about Elibagla: during the scan it sometimes pops up a window saying that access to a file was denied to it. I didn't check whether this matched the 3 famous remaining files, but from memory there were at least a good ten popups about access to a file being denied.
0
balltrap34 Posts: 16240 Registered: Thursday 8 January 2004 Status: Security contributor Last seen: 28 November 2009 331
24 March 2008 at 19:25
re

did you manage to boot into safe mode? if so, run Elibagla in safe mode

see ya
1
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012 463
24 March 2008 at 19:29
Is it absolutely necessary to get a scan with Elibagla working to trap the Bagle, or is there another solution?
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last seen: 29 April 2008 > sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012
24 March 2008 at 19:47
In any case, even in safe mode, after re-downloading and renaming... Elibagla crashes after a few seconds...
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last seen: 29 April 2008 > sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012
24 March 2008 at 21:54
The AntiVir scan is running in safe mode... I think it's going to take all night.
I'm due to get up at 3:30 tomorrow morning to go away on a trip.
I'll send the scan report tomorrow morning. After that I'll be away for the week without a continuous internet connection....
So I'll be less responsive, but I'll be reading eagerly!!!
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last seen: 29 April 2008 > sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012
25 March 2008 at 03:58
There we go: after some 7h37 of scanning and some 5 million files scanned, I stopped my scan, which had been stuck at 99.8%. It really must be going round in circles too.

Here is the report:

AntiVir PersonalEdition Classic
Report file date: 2008-03-24 20:18

Scanning for 1163542 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: thierry
Computer name: PC

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 16:30:48
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 16:30:48
ANTIVIR3.VDF : 7.0.3.65 36864 Bytes 2008-03-23 16:30:48
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 2008-03-24 16:30:48
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-24 16:30:48
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-03-24 20:18

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
20 processes with 20 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '14' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: 2008-03-25 03:55
Used time: 7:37:06 min

The scan has been canceled!

137656 Scanning directories
5309984 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
5309984 Files not concerned
52997 Archives were scanned
339 Warnings
104 Notes
0
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012 463
23 March 2008 at 19:28
hi,

Start by deleting all the cracks from your PC, because they will keep relaunching the infection.
Remember that Bagle is brought in by a crack and that it relaunches as soon as you use it; even if you don't use it, it can relaunch by itself when your PC starts up. In plain terms:
Above all, try to remember whether you recently clicked on a "patch" or a "keygen" to install a program, a cracked game, or to get the full version of some software, and nothing in particular happened... That's where Bagles sneak in! If you find that particular crack, scrap everything (the crack, the software and any zip files concerned). If you don't remember too well, I strongly advise you to delete all the patches on your PC... ;)

then:
do the following in the order indicated, following the instructions
Go to this site:
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
at the very bottom of that page you'll find a tool to download,
click on "descargar Elibagla" (the version number changes with each update)
save this file to the desktop.
then double-click Elibagla.exe
>leave the "eliminar ficheros automaticamente" box checked
>click "explorar"
>let it work
>post the final report, which will be in c:\infosat.txt

If, in the report, you see text similar to this

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

send that file (or files) (in the example C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24) to the e-mail address indicated (virus@satinfo.es).

The tool has encountered a file that it recognises but does not yet know how to eradicate
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last seen: 29 April 2008
23 March 2008 at 20:00
OK, I've deleted everything I could find in the way of patches or cracks from my PC and emptied the recycle bin,
I had indeed tried to download and run Elibagla, but without success.
I've just tried Elibagla again: download OK, but the scan stops after 30 seconds, because the application simply crashes (Vista popup: a problem has occurred, the program will be closed...)
I tried from several different sources... same thing...
0
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012 463 > thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last seen: 29 April 2008
23 March 2008 at 20:55
do this
delete Elibagla and re-download it to your desktop by right-clicking the link on the Elibagla site ---> "save target as" ---> rename it "fixeli.exe" for example and confirm.

then restart your PC in safe mode.
How to get into Safe Mode
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You'll see a screen with boot options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator.

then repeat the procedure as indicated earlier and post the generated report...
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last seen: 29 April 2008 > sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012
23 March 2008 at 23:03
I managed to run a program (Protector Plus) from http://www.protectorplus.com/ that scans for the W32/Bagle worm. Result: no infected files...

In the meantime, I retested my IE and downloading via Firefox: it works!
But Spybot, Avast or HijackFree still give me an error: invalid Win32 application...

Now when launching Elibagla, the scan always ends up hanging at some point on a file.
Unfortunately, when the Vista popup "program problem, close" appears, I can't see the full path under Elibagla.
By searching for the blocking file (QSwitch.txt) shown in the Elibagla window, I managed to find it somewhere under c:/document & settings/me/appData/local/applicationdata.
After deleting it (telling myself a txt file was hardly important) and relaunching Elibagla, this time it hangs on another file... still causing the same Vista error
By repeating the operation several times, the scan (restarted when Elibagla is relaunched after the crash) progresses until it hits a file that I can't find... In short, it's not won yet on that front...

A scan with a Symantec FixTool (which manages to run for now... unlike before) for W32.Beagle@mm is in progress... hoping it finds something specific.
I'll keep you posted if there are results on that side.
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last seen: 29 April 2008
23 March 2008 at 21:30
Test launching Elibagla after renaming it on the desktop: same thing.... program problem --> close
Safe mode test: I relaunch Elibagla ---> crash: program problem --> close

Running a scan of D:/ with Elibagla: it does it without any problem.
It looks like it crashes after scanning a file under C:/ (early in the sequence)

FYI: searching my hard drive I found the file mdelk.exe under c:/windows/system32

Any other procedure to suggest? lol
Thanks
0
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012 463
23 March 2008 at 23:03
Sorry for the wait...
Let's try something else:

Download Malwarebytes: ftp://ftp.commentcamarche.com/download/mbam-setup.exe
a nice tutorial: https://forum.pcastuces.com/sujet.asp?f=31&s=3

install it and update it.

Then restart in safe mode and run a full scan. Save the report to your desktop, then post it in your next reply... I hope it goes through this time :o
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last seen: 29 April 2008
23 March 2008 at 23:22
No worries about the wait, it's very kind of you to look after me like this!!
My Symantec scan is still running... actually it's starting to take a bit too long for my liking... I get the impression it's going round in circles????
Could it be getting lost by looping on shortcuts??

I downloaded Malwarebytes; during the install and especially during the update it bugged out (Vista: close program)
I relaunched it and this time didn't see the update happen, but the program launched without the invalid Win32 error!! yippee... The date of the last update of Malwarebytes' virus database is 9 March 08...

In short, since the Symantec scan is still running, I haven't rebooted into safe mode and have launched a Malwarebytes scan in parallel.
... it's in progress...
I'll post the report ASAP if it works...
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last seen: 29 April 2008
24 March 2008 at 00:11
There we go
After about 45 minutes of scanning, here's the result from the report:

================start of report==================
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 471

Type de recherche: Examen complet (C:\|)
Eléments examinés: 225748
Temps écoulé: 51 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 384

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\thierry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0CE83CQF\b64_31[1].jpg (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\168496.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\168949.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\169167.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\169697.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\169994.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\171429.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\172053.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\172287.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\172537.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\172615.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\172927.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\173020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\173098.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\174986.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\175267.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\177685.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\177731.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\178480.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\178511.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\179525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\180149.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\180571.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\180945.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\183347.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\184049.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\184907.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\185625.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\186764.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\186982.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\188059.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\188605.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\189260.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\190914.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\191756.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\192676.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\192973.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\193612.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\194299.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\195672.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\195828.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\196218.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\198682.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\202536.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\202738.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\203206.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\203331.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\204174.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\204720.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\206779.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\206826.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\207200.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\209649.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\210726.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\210882.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\212208.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\213456.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\213502.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\214594.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\215140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\219945.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\224407.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22593094.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22595746.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22598211.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\226123.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22624544.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22653154.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22658926.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22661625.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22664698.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22667974.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22703075.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22706756.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22707240.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22710563.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\227309.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22744602.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\22749173.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\229633.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\232129.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\232519.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\236341.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\236653.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\237043.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\239211.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\239321.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\242004.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\242831.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\244500.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\244765.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\246637.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\247542.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\248041.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\248883.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\248993.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\249492.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2533081.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2533783.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2540164.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2540897.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\254125.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\254468.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2545015.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2547059.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2547886.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2550787.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\255451.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\256559.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2571161.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2576481.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2578649.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2584406.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2587323.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2589257.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\259398.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\260506.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\262066.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2621596.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\262190.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2625699.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2630582.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\264468.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\265934.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\268196.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2687990.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\268883.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\2693326.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\272596.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\274873.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\278882.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\279772.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\286932.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\290629.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\290879.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\291441.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29146384.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29146992.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29157288.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29158583.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29160408.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29160580.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29166087.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29185244.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29189050.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29191000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29193028.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29195524.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29196133.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29202139.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29206335.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29206975.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29210282.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29212404.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29244805.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29248487.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29249001.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29249345.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29250249.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29250468.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29252527.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29254149.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29254290.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29257488.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29278189.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29281980.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29284414.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29286582.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29289078.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29289577.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29295365.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29315661.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29316846.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29317221.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29319202.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29352508.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\29357094.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\294061.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\294873.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\297696.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\298773.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\301113.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\301908.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\303967.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\304623.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\306495.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\310207.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\311315.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\331096.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\332110.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\336322.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\339270.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\341532.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\344216.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\347180.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\354855.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\358287.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\361001.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\361594.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\364075.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\398130.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\402778.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\40990307.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\40996111.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43765643.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43767593.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43768482.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43770869.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43773131.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43776782.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43794457.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43800650.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43803021.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43805252.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43829011.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43830025.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43836078.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43841584.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43843144.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43843737.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43846280.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43884079.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\43889180.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55023440.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55024267.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55032722.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55080021.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55086527.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55127461.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55137071.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55141064.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55156774.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55160861.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55194448.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55202435.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55203465.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55207053.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55213683.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55252012.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\55257238.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\95472.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\95691.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\96003.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\96954.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\97110.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\97734.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\98561.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\99544.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
================End of report==================

This is indeed the report from the "disinfection". There seemed to be quite a crowd in there... including mdelk.exe.
I'm rebooting, testing my Win32 apps, maybe updating this magnificent new tool, and rescanning...
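A triage helper for a report in the format posted above, added here as an example; it is not code from the thread, from Malwarebytes or from any tool named in it. The report text embedded in it is a constructed four-line excerpt in the same line format as the log above, not the full log. It parses each detection line, counts detections per family, lists any directory holding a burst of numeric-named executables (the drop-folder pattern visible under C:\Windows\System32\drivers\down\ above), and lists any detection the scanner did not report as removed. The threshold of three numeric-named files per directory is an arbitrary assumption.

```python
"""Triage a Malwarebytes' Anti-Malware report: per-family counts, drop
directories full of numeric-named .exe files, and unresolved detections.
Added example, not part of the original thread."""
import re
from collections import Counter, defaultdict

# Constructed sample in the same line format as the report above
# (four detection lines plus the report footer); not the real log.
SAMPLE_REPORT = r"""
C:\Windows\System32\drivers\down\14796772.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\149776.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\down\95472.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
================End of report==================
"""

# One detection line: <drive path> (<family>) -> <action>.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# Payloads named with a bare number, e.g. 14796772.exe or 95472.exe.
NUMERIC_EXE_RE = re.compile(r"^\d+\.exe$", re.IGNORECASE)


def parse_report(text):
    """Return a list of (path, family, action) tuples, one per detection line.
    Header, summary and footer lines do not match LINE_RE and are skipped."""
    hits = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            hits.append((m["path"], m["family"], m["action"]))
    return hits


def family_counts(hits):
    """Number of detections per reported family (e.g. Trojan.Downloader)."""
    return dict(Counter(family for _, family, _ in hits))


def group_by_dir(hits):
    """Map lower-cased directory -> list of file names detected in it."""
    by_dir = defaultdict(list)
    for path, _, _ in hits:
        directory, _, name = path.rpartition("\\")
        by_dir[directory.lower()].append(name)
    return by_dir


def drop_dirs(hits, threshold=3):
    """Directories holding at least `threshold` numeric-named .exe files.
    A burst of such files in one folder is the mark of a downloader's drop
    directory: the folder and whatever fills it need review, not only the
    files the scanner happened to list. The threshold is an assumption."""
    found = []
    for directory, names in group_by_dir(hits).items():
        numeric = [n for n in names if NUMERIC_EXE_RE.match(n)]
        if len(numeric) >= threshold:
            found.append(directory)
    return sorted(found)


def unresolved(hits):
    """Detections whose action does not say 'successfully'; these still need
    a reboot-time deletion or manual follow-up."""
    return [(p, f, a) for p, f, a in hits if "successfully" not in a.lower()]


if __name__ == "__main__":
    import sys
    # Pass a saved report as the first argument; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    hits = parse_report(text)
    print(f"{len(hits)} detections: {family_counts(hits)}")
    for d in drop_dirs(hits):
        print("drop directory:", d)
    for p, f, a in unresolved(hits):
        print("still present:", p, f, a)
```

Run it against a saved report with the path as the first argument. A report that lists only successful deletions says nothing about the component that kept filling the folder; the directory name, the loader that wrote to it and any file the scanner could not remove are what to hunt next.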
sKe69 (security contributor), 24 March 2008 at 00:15
Before anything else, run another Elibagla scan first!
Post the report and wait for the next steps...
thierry.sache (member), 24 March 2008 at 00:43
I have just rebooted again afterwards, going into safe mode.
Launching ELIbagla crashes the same way as before.
The "invalid Win32 application" apps: same thing.
I'm running another scan in safe mode with Malwarebytes... off we go again for about 45 minutes...
sKe69 (security contributor), 24 March 2008 at 00:54
Stop everything and do this:

Download Combofix and rename it before saving it to your desktop.
Do exactly as described here:
https://forum.pcastuces.com/sujet.asp?f=25&s=37315
Download combofix.exe (by sUBs) to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then go back into safe mode and run another Malwarebytes scan.

Once the scan is finished, do this, still in safe mode and WITHOUT REBOOTING:
(disable your antivirus and antispyware while ComboFix is running. Thanks. Re-enable them afterwards.)
Double-click combofix.exe.
Press the Y key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found at C:\Combofix.txt

On that note, good night and see you tomorrow...
thierry.sache (member), 24 March 2008 at 02:23
After downloading Combo--fix.exe,
relaunched safe mode and the Malwarebytes scan.
Here is the report:
----------------------
Malwarebytes' Anti-Malware 1.08
Database version: 471

Scan type: Quick scan
Objects scanned: 1782
Time elapsed: 23 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)
----------------------------------------------

Then, still in safe mode, with Combo-fix.
Here is the report:
----------------------
ComboFix 08-03-23.2 - SYSTEM 2008-03-24 1:48:19.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1707 [GMT 1:00]
Location: C:\Windows\system32\config\systemprofile\Desktop\Combo__Fix.exe
.
TimedOut: Windir.dat
-- Other TimeOuts --
VFind -td "C:\Windows\system32\baiso*"
CF29066.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\*
CF29066.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
C:\Program Files\DAP\DAP.EXE /HIDE /ID=DAPIE
CF29066.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d10000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
Explorer.exe
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF29066.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\*
CF29066.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
C:\Program Files\DAP\DAP.EXE /HIDE /ID=DAPIE
CF29066.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d30000 * -t -l

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\System32\1.exe
D:\Autorun.inf
D:\MS32DLL.dll.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 00:56 --------- d---a-w C:\PROGRA~2\TEMP
2008-03-24 00:40 --------- d-----w C:\Users\thierry\AppData\Roaming\OpenOffice.org2
2008-03-24 00:35 --------- d-----w C:\PROGRA~2\VMware
2008-03-23 23:27 --------- d-----w C:\PROGRA~2\Google Updater
2008-03-23 23:15 --------- d-----w C:\Program Files\LogMeIn
2008-03-23 22:12 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-03-23 22:09 --------- d-----w C:\Users\thierry\AppData\Roaming\Malwarebytes
2008-03-23 22:09 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-03-23 20:18 --------- d-----w C:\Program Files\ObjMon
2008-03-23 20:18 --------- d-----w C:\Program Files\AntiFreeze
2008-03-23 20:16 262,144 ----a-w C:\ntuser.dat
2008-03-23 18:34 --------- d-----w C:\Users\thierry\AppData\Roaming\FileZilla
2008-03-23 12:53 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-03-23 10:52 --------- d-----w C:\Program Files\Sophos
2008-03-22 12:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-22 12:30 --------- d-----w C:\Program Files\Alwil Software
2008-03-22 12:27 --------- d-----w C:\Program Files\Rainlendar2
2008-03-21 18:25 --------- d-----w C:\Users\thierry\AppData\Roaming\VMware
2008-03-21 18:25 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-21 18:25 --------- d-----w C:\Program Files\File Scavenger 3.2
2008-03-21 18:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-21 10:44 --------- d-----w C:\Users\thierry\AppData\Roaming\PeerNetworking
2008-03-12 10:02 --------- d-----w C:\Program Files\Micro Application
2008-03-11 18:58 --------- d-----w C:\PROGRA~2\Symantec
2008-03-11 08:54 --------- d-----w C:\Program Files\Macromedia
2008-03-11 08:07 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-10 14:08 --------- d-----w C:\Program Files\WG Screensaver Creator 1.0
2008-03-10 09:46 --------- d-----w C:\Program Files\Restoration
2008-03-10 09:42 --------- d-----w C:\Program Files\Smart Data Recovery
2008-03-10 07:41 --------- d-----w C:\Program Files\VMware
2008-03-10 07:41 --------- d-----w C:\Program Files\Common Files\VMware
2008-03-09 11:59 --------- d-----w C:\Program Files\ScreensaverMaker 2.0 TE
2008-03-09 11:45 --------- d-----w C:\Program Files\DAP
2008-03-07 14:52 --------- d-----w C:\Users\thierry\AppData\Roaming\Thunderbird
2008-03-07 14:50 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-03 13:33 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-01 23:04 --------- d-----w C:\Users\thierry\AppData\Roaming\gtk-2.0
2008-03-01 15:24 --------- d-----w C:\Program Files\Windows Live
2008-02-28 14:33 --------- d-----w C:\Program Files\Java
2008-02-27 05:52 27,525 ----a-w C:\Users\thierry\AppData\Roaming\nvModes.dat
2008-02-23 13:14 --------- d-----w C:\Program Files\CubeDesktop
2008-02-22 17:04 --------- d-----w C:\Program Files\Real Desktop
2008-02-20 22:57 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-02-20 22:43 --------- d-----w C:\Program Files\Microsoft Works
2008-02-20 22:13 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-02-20 18:50 --------- d-----w C:\PROGRA~2\Messenger Plus!
2008-02-20 10:05 --------- d-----w C:\Program Files\IncrediMail
2008-02-20 08:02 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-20 07:48 --------- d-----w C:\Users\thierry\AppData\Roaming\Consultia
2008-02-19 22:24 --------- d-----w C:\Program Files\RADIO_USA
2008-02-19 20:57 --------- d-----w C:\Program Files\SphereXP
2008-02-19 17:28 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-18 19:09 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-18 12:17 --------- d-----w C:\Users\thierry\AppData\Roaming\CyberLink
2008-02-17 22:03 --------- d-----w C:\Program Files\adslTV
2008-02-17 21:15 --------- d-----w C:\Users\thierry\AppData\Roaming\vlc
2008-02-17 20:38 --------- d-----w C:\Program Files\Vista PDF Creator
2008-02-17 09:30 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-17 09:25 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-17 09:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-17 09:15 --------- d-----w C:\PROGRA~2\WLInstaller
2008-02-16 23:43 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-16 03:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-16 03:13 --------- d-----w C:\Program Files\Windows Mail
2008-02-16 00:52 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-16 00:50 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-16 00:50 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-16 00:50 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-16 00:50 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-16 00:50 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-16 00:50 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-16 00:50 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-16 00:50 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-16 00:46 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-02-16 00:46 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-02-16 00:46 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-02-16 00:44 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-16 00:44 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-16 00:41 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-16 00:41 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-16 00:41 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-16 00:41 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-16 00:40 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-02-16 00:40 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-16 00:37 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 20:47 --------- d-----w C:\Program Files\Google
2008-02-15 20:45 --------- d-----w C:\Users\thierry\AppData\Roaming\HP
2008-02-15 20:45 --------- d-----w C:\PROGRA~2\HP
2008-02-15 18:44 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-02-15 18:31 --------- d-----w C:\Program Files\speed-bit
2008-02-14 10:39 --------- d-----w C:\Users\thierry\AppData\Roaming\Talkback
2008-02-14 10:25 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-02-13 14:14 --------- d-----w C:\Program Files\VideoLAN
2008-02-12 14:25 --------- d-----w C:\Program Files\EasyPHP 2.0b1
2008-02-12 13:23 --------- d-----w C:\PROGRA~2\Adobe Systems
2008-02-12 11:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-12 11:10 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-12 11:00 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-02-12 10:55 --------- d-----w C:\Program Files\IZArc
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2007-07-31 16:33 1391640 --a------ C:\Program Files\speed-bit\tbspee.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{870e3b1b-d1c6-4b91-864c-90043cf02e56}]
2007-12-04 13:53 1502232 --a------ C:\Program Files\RADIO_USA\tbRADI.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Program Files\speed-bit\tbspee.dll" [2007-07-31 16:33 1391640]
"{870E3B1B-D1C6-4B91-864C-90043CF02E56}"= "C:\Program Files\RADIO_USA\tbRADI.dll" [2007-12-04 13:53 1502232]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_CLASSES_ROOT\clsid\{870e3b1b-d1c6-4b91-864c-90043cf02e56}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiFreeze"="C:\Program Files\AntiFreeze\AntiFreeze.exe" [2007-12-16 16:57 139776]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-18 16:03 214456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 21:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 04:36 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 18:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 17:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 11:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 11:27 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 11:27 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-10 16:09 1836544]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-10 16:12 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-02-15 19:21 3364616]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-03-23 19:17 1816208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
"GrpConv"="grpconv -o" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AntiFreeze"="C:\Program Files\AntiFreeze\AntiFreeze.exe" [2007-12-16 16:57 139776]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-18 16:03 214456]

C:\Users\thierry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-03-23 19:19 115816 c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-03-01 12:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
--a------ 2007-01-13 01:28 431752 c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDico]
--a------ 2002-12-24 15:31 253952 C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-02-13 10:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2004-10-03 07:07 692224 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2007-05-01 22:52 56112 C:\Program Files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2007-05-01 22:52 68400 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 15:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-02 13:34 1004136 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-910835649-780890685-1524608325-1000]
"EnableNotificationsRef"=dword:0000000e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0B467C74-96CA-47CA-BD31-D644154EE19A}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{19E766DC-93D2-4FB6-BDDC-64EDE3600842}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{9D6DCDAB-B712-454E-8CCA-85A3BE9A06BA}C:\\program files\\dap\\dap.exe"= UDP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"UDP Query User{4D0F75BC-E1DF-4C31-8D5A-D7DA7570DA9D}C:\\program files\\dap\\dap.exe"= TCP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"{8F118425-F8E6-485A-960A-8940E26BAB16}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3D6EB109-CAAB-4742-ABD3-B6938EF653F4}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{5338FB7D-8177-43F7-9C57-4439AABDEEE8}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{5366B866-6A0C-45A3-8660-D094F37EC781}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{4DBD3975-D9CE-4BCB-8002-7E0519744E00}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{FBE9749C-A132-4D64-B060-9BA4EE0B71A2}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{40653865-07AD-447F-AA72-F6B0CCCF7E59}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{5497B34C-F0BB-4381-93C5-0874F2080E68}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BD825070-1EE7-45D1-8B81-CAA9080B6BB9}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 BEDPLYDY;BEDPLYDY;C:\Users\thierry\AppData\Local\Temp\BEDPLYDY.exe []
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 05:48]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 01:56:43
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-24 2:05:03 - machine was rebooted [SYSTEM]
ComboFix-quarantined-files.txt 2008-03-24 01:04:59
.
2008-03-01 15:25:13 --- E O F ---
------------------------------------------------------------

Oops, I need to go to bed.....
See you tomorrow... and thanks
sKe69 (21360 posts, registered Saturday 15 March 2008, Security contributor, last active 30 December 2012)
24 March 2008 at 09:49
Hello,
You need to download the following (in normal mode):
Blacklight
ftp://ftp.f-secure.com/f-prot/tools/fsbl.exe


Save it to your Desktop.
Double-click fsbl.exe
Click "I ACCEPT".
Click Scan, then Next

You will see a list of detected files appear. You will also see a report
on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Post that report in your next reply.
Do NOT choose the "Rename" option right away, because legitimate files may be listed, such as wbemtest.exe

Then,
download (renaming it as explained earlier) and install HijackThis (we will use it later)
https://www.pcastuces.com/logitheque/hijackthis.htm
tutorial on how to use it:
have a look here, it is perfectly explained with pictures
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

try this
download Antivir (in English)
https://www.pcastuces.com/logitheque/antivir.htm

disable your antivirus; you can re-enable it afterwards if you wish
install Antivir, update it and scan the PC in safe mode
(put everything it finds in quarantine)
help for Antivir here: http://www.libellules.ch/tuto_antivir.php#Mise_a_jour

I am waiting impatiently for all these results ;)
Also give me an idea of the state of health of your PC between each step...
thierry.sache (28 posts, registered Sunday 23 March 2008, Member, last active 29 April 2008)
24 March 2008 at 11:38
The Avira scan is still in progress and fairly heavy, so in the meantime I am posting the other results:

I downloaded fsbl and ran the scan; here is the report:

03/24/08 10:02:59 [Info]: BlackLight Engine 1.0.67 initialized
03/24/08 10:02:59 [Info]: OS: 6.0 build 6000 ()
03/24/08 10:02:59 [Note]: 7019 4
03/24/08 10:02:59 [Note]: 7005 0
03/24/08 10:03:07 [Note]: 7006 0
03/24/08 10:03:07 [Note]: 7027 0
03/24/08 10:03:07 [Note]: 7026 0
03/24/08 10:03:07 [Note]: 7026 0
03/24/08 10:03:11 [Note]: FSRAW library version 1.7.1024
03/24/08 10:09:24 [Note]: 2000 1012
03/24/08 10:11:11 [Note]: 7007 0

I also downloaded HijackThis (renaming it) and ran a scan anyway, still in safe mode; here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16, on 2008-03-24
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: RADIO_USA Toolbar - {870e3b1b-d1c6-4b91-864c-90043cf02e56} - C:\Program Files\RADIO_USA\tbRADI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: RADIO_USA Toolbar - {870e3b1b-d1c6-4b91-864c-90043cf02e56} - C:\Program Files\RADIO_USA\tbRADI.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [AntiFreeze] C:\Program Files\AntiFreeze\AntiFreeze.exe /splash
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AntiFreeze] C:\Program Files\AntiFreeze\AntiFreeze.exe /splash (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AntiFreeze] C:\Program Files\AntiFreeze\AntiFreeze.exe /splash (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A88074BD-7665-4560-ADE6-00957075D619}: NameServer = 212.27.54.252,212.27.32.177
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BEDPLYDY - Unknown owner - C:\Users\thierry\AppData\Local\Temp\BEDPLYDY.exe (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
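Editor's note (an added example, not part of any post in this thread): the two reports thierry posted above contain the same entries a responder would want to check before anything else, and a few lines of Python can pull them out of a pasted report automatically. The ComboFix report lists a service whose image sits under the user's Temp folder and whose timestamp field is empty (ComboFix did not find the file), and the HijackThis report shows the same service as "Unknown owner" with "(file missing)"; the ComboFix report also shows Windows Security Center monitoring disabled under the Symantec keys. The script below is my own triage code, not a tool used by anyone in the thread, and its sample input is a handful of lines copied from those two reports (mixed with legitimate entries from the same reports) so that it runs offline.

```python
"""Triage a pasted ComboFix / HijackThis report for a few red flags.

Added example for this thread, not a tool the posters used. The sample
report is constructed from lines copied out of the two reports above.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix and HijackThis reports
# posted in this thread, with legitimate entries from the same reports.
SAMPLE_REPORT = r"""
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 BEDPLYDY;BEDPLYDY;C:\Users\thierry\AppData\Local\Temp\BEDPLYDY.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-910835649-780890685-1524608325-1000]
"EnableNotificationsRef"=dword:0000000e
O23 - Service: BEDPLYDY - Unknown owner - C:\Users\thierry\AppData\Local\Temp\BEDPLYDY.exe (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""


@dataclass
class Finding:
    line: str        # the report line that was flagged
    reasons: list    # human-readable reasons, one per red flag


# ComboFix service line: "<start type> <name>;<display name>;<image path> [<timestamp, empty if file not found>]"
COMBOFIX_SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*?)\]\s*$")
# HijackThis O23 line: "O23 - Service: <name> - <owner> - <path> [(file missing)]".
# Name and owner are matched lazily so a path containing " - " still parses
# (a service *name* containing " - " would mis-split; rare enough to accept).
HJT_O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
DISABLE_MONITORING = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)
# No legitimate service should be installed with its image under a Temp folder.
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)


def path_reasons(path):
    """Red flags that depend only on where the image lives."""
    reasons = []
    if TEMP_DIR.search(path):
        reasons.append("image runs from a Temp directory")
    return reasons


def triage(report):
    """Return one Finding per suspicious line in a pasted report."""
    findings = []
    current_key = ""   # last "[HKEY_...]" header seen, for registry values
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        if DISABLE_MONITORING.match(line) and "security center" in current_key.lower():
            findings.append(Finding(line, [f"Security Center monitoring disabled under {current_key}"]))
            continue
        m = COMBOFIX_SERVICE.match(line)
        if m:
            _, _, _, path, stamp = m.groups()
            reasons = path_reasons(path)
            if not stamp:
                reasons.append("ComboFix found no file at the image path (empty timestamp)")
            if reasons:
                findings.append(Finding(line, reasons))
            continue
        m = HJT_O23.match(line)
        if m:
            _, owner, path = m.groups()
            reasons = path_reasons(path)
            if owner == "Unknown owner":
                reasons.append("no publisher (Unknown owner)")
            if path.endswith("(file missing)"):
                reasons.append("service points to a missing file")
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Two caveats a practitioner would attach to the output. DisableMonitoring=1 under the Security Center keys is routinely written by a third-party suite such as Norton to tell Security Center that it is handling antivirus and firewall monitoring, so that finding is a prompt to check which product set it, not evidence of infection on its own. Likewise a service entry whose image is missing from a Temp folder is an orphaned registration to remove; the report alone does not say what the file was.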
sKe69 (21360 posts, registered Saturday 15 March 2008, Security contributor, last active 30 December 2012) > thierry.sache (28 posts, registered Sunday 23 March 2008, Member, last active 29 April 2008)
24 March 2008 at 11:44
OK... We'll see what to do at the end... be sure to post me the Antivir report once the scan has finished.
thierry.sache (28 posts, registered Sunday 23 March 2008, Member, last active 29 April 2008) > sKe69 (21360 posts, registered Saturday 15 March 2008, Security contributor, last active 30 December 2012)
24 March 2008 at 17:11
A status update!

The Antivir scan is still running!!! It has been going for more than 6h30, and for about 3h30 it has been at 99.8%, analysing c:\documents & setting\thierry\appData... I wonder whether it isn't going round in circles, as happened earlier with the Symantec scan.
Antivir will have ended up scanning more than 4 million files (I didn't know I had that many... lol, versus 225748 with MalwareBytes) -> That seems to confirm it was going round in circles!

Anyway, I have just stopped it; here is the report:
===========================


AntiVir PersonalEdition Classic
Report file date: 2008-03-24 10:28

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: thierry
Computer name: PC

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 2007-09-13 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 2007-09-13 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 2007-09-13 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 2007-09-17 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-03-24 10:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
21 processes with 21 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '15' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: 2008-03-24 17:04
Used time: 6:36:39 min

The scan has been canceled!

109380 Scanning directories
4138023 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
4138023 Files not concerned
41095 Archives were scanned
274 Warnings
84 Notes

==================================


For information, I had not managed to update AntiVir:
- automatic procedure via update: scheduler Not loaded
- procedure by downloading the file ivdf_fusebundle_nt_en.zip: Update of VDF kit update Failed !
The scan in the report above was therefore done with a "virus definition file" from 13 March 08 and a search engine from 17 March ...

I am still in safe mode.
In the meantime I did go through the procedure from the tutorial Balltrap pointed to:
- Elibagla (even renamed to mkeld.exe) ends up stopping by itself after a few seconds ...
- ComboFix (already done ... see the report in a previous post)
- I have just launched a scan with Gmer ... I'll post the report ASAP if it doesn't end up going in circles too...

I'm the one starting to lose my mind with all this...
Any ideas???
In any case, thanks for the follow-up!!!
0
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last post: 30 December 2012 463
24 March 2008 at 11:53
Thierry.sache, do what balltrap34 advises (thanks for the tip) once the AntiVir scan is finished
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last post: 29 April 2008
24 March 2008 at 17:23
I replied one post up with the AntiVir results.
After the Gmer scan, here is the report from the Rootkit/malware tab:

=============
GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-03-24 17:19:13
Windows 6.0.6000


---- User code sections - GMER 1.0.14 ----

.text C:\Users\thierry\Desktop\gmer.exe[680] kernel32.dll!CreateProcessA 76921D5C 1 Byte [ E9 ]
.text C:\Users\thierry\Desktop\gmer.exe[680] kernel32.dll!CreateProcessA + 2 76921D5E 3 Bytes [ 50, 72, FB ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1580] USER32.dll!DialogBoxIndirectParamW 76B314EA 5 Bytes JMP 72F017EF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1580] USER32.dll!MessageBoxExA 76B4570D 5 Bytes JMP 72F01736 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1580] USER32.dll!DialogBoxParamA 76B465BF 5 Bytes JMP 72F017B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1580] USER32.dll!MessageBoxIndirectW 76B4F1B3 5 Bytes JMP 72D916B6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1580] USER32.dll!DialogBoxIndirectParamA 76B729C9 5 Bytes JMP 72F0182A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1580] USER32.dll!MessageBoxIndirectA 76B7FACF 5 Bytes JMP 72F01770 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1580] USER32.dll!MessageBoxExW 76B7FBC9 5 Bytes JMP 72F016FC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dynamique/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Behaviors\Events\4.0 et ultÃ\x2026Â\xbdrieurs.htm 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@IconServiceLib IconCodecService.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DdeSendTimeout 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ShutdownWarningDialogTimeout -1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERPostMessageLimit 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ mnmsrvc
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

---- EOF - GMER 1.0.14 ----
=============================
0
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last post: 30 December 2012 463
24 March 2008 at 17:22
The AntiVir scan is rather good news ...
As for Elibagla, though ... I'll admit I'm a bit stuck ... :(

Anyway, once the scan is finished, could you post a new HijackThis report (in normal mode if possible).

Then do this:
download GenProc by Lazzzy and Narco4 to your desktop
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

unzip the folder, double-click GenProc.bat and post the contents of the report that opens

Help with pictures: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last post: 29 April 2008
24 March 2008 at 17:53
Back in normal mode,

While rebooting into normal mode, AntiVir managed to update its virus database to today's, and right away alerted me that it had found this:
* Virus or unwanted program 'TR/Agent.692224.3 [TR/Agent.692224.3]'
detected in file 'C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.
Action performed: Move file to quarantine
* Virus or unwanted program 'TR/Agent.692224.3 [TR/Agent.692224.3]'
detected in file 'C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.
Action performed: Deny access


After a HijackThis scan, here is the latest report:
---------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36, on 2008-03-24
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAP\DAP.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
R3 - URLSearchHook: RADIO_USA Toolbar - {870e3b1b-d1c6-4b91-864c-90043cf02e56} - C:\Program Files\RADIO_USA\tbRADI.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: RADIO_USA Toolbar - {870e3b1b-d1c6-4b91-864c-90043cf02e56} - C:\Program Files\RADIO_USA\tbRADI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: RADIO_USA Toolbar - {870e3b1b-d1c6-4b91-864c-90043cf02e56} - C:\Program Files\RADIO_USA\tbRADI.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CubeDesktop] C:\Program Files\CubeDesktop\_CubeDesktop.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AntiFreeze] C:\Program Files\AntiFreeze\AntiFreeze.exe /splash
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AntiFreeze] C:\Program Files\AntiFreeze\AntiFreeze.exe /splash (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AntiFreeze] C:\Program Files\AntiFreeze\AntiFreeze.exe /splash (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitdefender.com
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A88074BD-7665-4560-ADE6-00957075D619}: NameServer = 212.27.54.252,212.27.32.177
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BEDPLYDY - Unknown owner - C:\Users\thierry\AppData\Local\Temp\BEDPLYDY.exe (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
0
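A small triage pass over HijackThis-style log lines, added here as an example (it is not code from the thread, from HijackThis or from any tool mentioned in it): it parses entries in the format of the report above and flags the ones an analyst would look at first. The flagging rules are the editor's own assumptions, not HijackThis rules, and the sample lines are copied from the log posted above.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread)."""
import re
from typing import Dict, List, Tuple

# Sample input: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\\Program Files\\Common Files\\Symantec Shared\\coShared\\Browser\\1.5\\NppBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O4 - HKCU\\..\\Policies\\Explorer\\Run: [Windows Security Tool] WinSecure.exe
O4 - HKCU\\..\\Policies\\Explorer\\Run: [Windows Printing Driver] WinPrint.exe
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O23 - Service: BEDPLYDY - Unknown owner - C:\\Users\\thierry\\AppData\\Local\\Temp\\BEDPLYDY.exe (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\\Program Files\\LogMeIn\\x86\\LogMeIn.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

Entry = Dict[str, str]


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into {code, body} entries; non-entry lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body")})
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for entries matching the editor's review heuristics.

    These heuristics are assumptions about what to inspect first, not verdicts:
    a flagged line still needs to be checked against the actual file on disk.
    """
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        code, body = e["code"], e["body"]
        if code == "O4" and "Policies\\Explorer\\Run" in body:
            # Autostart through the Explorer policy key is rarely used by
            # legitimate software; here the values are bare file names with no path.
            findings.append((e, "autostart under Policies\\Explorer\\Run"))
        elif code == "O23" and ("(file missing)" in body or "\\Temp\\" in body
                                or "Unknown owner" in body):
            # A service whose binary lives in a Temp folder, has no known
            # publisher, or no longer exists deserves a look.
            findings.append((e, "service with Temp-folder, missing or unowned binary"))
        elif code == "O2" and body.startswith("BHO: (no name)"):
            findings.append((e, "browser helper object without a name"))
        elif code == "O15":
            # Sites placed in the IE Trusted Zone get relaxed security settings.
            findings.append((e, "site added to the IE Trusted Zone"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{entry['code']}] {reason}: {entry['body']}")
```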
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last post: 30 December 2012 463
24 March 2008 at 18:13
I see traces of Norton; first we'll clean that up ...
(there may be conflicts at that level)

download the Norton Removal Tool to your desktop:
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

Double-click it and follow the prompts: it has to be properly uninstalled (do the procedure twice if possible).

Then, now that AntiVir has managed to update properly and has cleaned out a few nasties for you,
I would try Elibagla again with Balltrap34's method (delete the one you currently have and redo the
procedure ... we'll get there in the end!!!)
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last post: 29 April 2008
24 March 2008 at 18:39
I've just uninstalled Norton twice in a row.
Took the opportunity after the reboot to delete the GenProc folders/files.
After the reboot, AntiVir reacted again:
//===========================================
Virus or unwanted program 'TR/Agent.692224.3 [TR/Agent.692224.3]'
detected in file 'C:\Program Files\Rainlendar2\Rainlendar2.exe.
Action performed: Move file to quarantine
//===========================================

Deleted Elibagla, emptied the recycle bin
Re-downloaded it, renamed to mdelk.exe
Scan ... same crash ...
0
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last post: 30 December 2012 463
24 March 2008 at 19:14
Quick question: are you running Elibagla as administrator? If not, try it (right-click on the program and "run as administrator") ... just to see ...
0
thierry.sache Posts: 28 Registered: Sunday 23 March 2008 Status: Member Last post: 29 April 2008
24 March 2008 at 19:20
Yes, I confirm, I do run Elibagla via right-click "run as administrator".
0